
added helmet for better standard of protection across the board

julianlam committed Feb 21, 2018
1 parent c7b73b4 commit 98b0bdc7e10dcaa524ca9476ee5262242d2a6ebc
Showing with 4 additions and 1 deletion.
  1. +1 −0 install/package.json
  2. +0 −1 src/middleware/headers.js
  3. +3 −0 src/webserver.js
@@ -43,6 +43,7 @@
"express-session": "^1.15.6",
"express-useragent": "1.0.8",
"graceful-fs": "^4.1.11",
"helmet": "^3.11.0",
"html-to-text": "3.3.0",
"ipaddr.js": "^1.5.4",
"jimp": "0.2.28",
@@ -11,7 +11,6 @@ module.exports = function (middleware) {
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''),
'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''),
'Referrer-Policy': 'strict-origin-when-cross-origin', // consider using helmet?
};
if (meta.config['access-control-allow-origin']) {
@@ -17,6 +17,7 @@ var cookieParser = require('cookie-parser');
var session = require('express-session');
var useragent = require('express-useragent');
var favicon = require('serve-favicon');
var helmet = require('helmet');
var db = require('./database');
var file = require('./file');
@@ -171,6 +172,8 @@ function setupExpressApp(app, callback) {
saveUninitialized: true,
}));
app.use(helmet());
app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
app.use(middleware.addHeaders);
app.use(middleware.processRender);
auth.initialize(app, middleware);
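Review bot: `app.use(helmet())` on the new line enables helmet's full default middleware bundle with no options, while the very next line `app.use(middleware.addHeaders)` keeps the existing header middleware that, per the headers.js hunk above, also sets X-Frame-Options (including the configurable ALLOW-FROM value); with both registered, the value a client finally receives depends on which middleware writes the header last, which cannot be confirmed from this hunk. As far as I recall, helmet 3's defaults include frameguard and an HSTS header with a long max-age, so if addHeaders is meant to remain the owner of the frame policy the overlap is clearer as `app.use(helmet({ frameguard: false }));`, and the unconditional HSTS deserves a comment for installs not served entirely over TLS, e.g. `// helmet() defaults include HSTS; pass { hsts: false } for hosts where TLS is not terminated`. setupExpressApp begins and ends outside the hunk.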
