added helmet for a better standard of protection across the board
Showing
with
4 additions
and
1 deletion.
-
+1
−0
install/package.json
-
+0
−1
src/middleware/headers.js
-
+3
−0
src/webserver.js
|
@@ -43,6 +43,7 @@ |
|
|
"express-session": "^1.15.6", |
|
|
"express-useragent": "1.0.8", |
|
|
"graceful-fs": "^4.1.11", |
|
|
"helmet": "^3.11.0", |
|
|
"html-to-text": "3.3.0", |
|
|
"ipaddr.js": "^1.5.4", |
|
|
"jimp": "0.2.28", |
|
|
|
@@ -11,7 +11,6 @@ module.exports = function (middleware) { |
|
|
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN', |
|
|
'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''), |
|
|
'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''), |
|
|
'Referrer-Policy': 'strict-origin-when-cross-origin', // consider using helmet? |
|
|
}; |
|
|
|
|
|
if (meta.config['access-control-allow-origin']) { |
|
|
|
@@ -17,6 +17,7 @@ var cookieParser = require('cookie-parser'); |
|
|
var session = require('express-session'); |
|
|
var useragent = require('express-useragent'); |
|
|
var favicon = require('serve-favicon'); |
|
|
var helmet = require('helmet'); |
|
|
|
|
|
var db = require('./database'); |
|
|
var file = require('./file'); |
|
@@ -171,6 +172,8 @@ function setupExpressApp(app, callback) { |
|
|
saveUninitialized: true, |
|
|
})); |
|
|
|
|
|
app.use(helmet()); |
|
|
app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' })); |
|
|
app.use(middleware.addHeaders); |
|
|
app.use(middleware.processRender); |
|
|
auth.initialize(app, middleware); |
|
|
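Review bot: `app.use(helmet())` with no options turns on helmet 3's default HSTS sub-middleware, which sends `Strict-Transport-Security` with a 180-day max-age and `includeSubDomains` on every response; once a browser has seen that from the forum's host over HTTPS, every subdomain is forced to HTTPS for half a year, which operators who run an HTTP-only service on a sibling subdomain cannot undo from this codebase. Since nothing here checks whether the deployment is actually served over TLS, the safer shape is `app.use(helmet({ hsts: false }));` followed by a separate `app.use(helmet.hsts({ maxAge: 31536000, includeSubDomains: false }))` mounted only when a site setting says the forum is HTTPS-only, so the operator opts in rather than inheriting a pinning default. The mount point is also worth a comment: helmet only stamps headers on responses that pass through it, and it is added after the session middleware, so anything mounted above this hunk (static assets, favicon, and the like, if they are) presumably goes out without these headers — moving the helmet lines to the top of the middleware stack would close that, but setupExpressApp begins before this hunk so I cannot confirm what precedes it. The `X-Frame-Options` that helmet's frameguard sets is later overwritten by `middleware.addHeaders` (mounted two lines below), which is the intended outcome for the `allow-from-uri` setting, but a one-line comment such as `// addHeaders runs after helmet so the configurable X-Frame-Options wins` would stop a future reorder from silently changing that. The other hunk in this file only adds the `require('helmet')` line and needs nothing.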