feat: add no sniff
thetutlage committed Oct 26, 2019
1 parent 2dcc00a commit f074a28
Showing 2 changed files with 58 additions and 0 deletions.
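--- a/src/noSniff.ts
+++ b/src/noSniff.ts
@@ -0,0 +1,28 @@
+/*
+* @adonisjs/shield
+*
+* (c) Harminder Virk <virk@adonisjs.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+/// <reference path="../adonis-typings/index.ts" />
+
+import { ContentTypeSniffingOptions } from '@ioc:Adonis/Addons/Shield'
+import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
+
+/**
+* Adds `X-Content-Type-Options` header based upon given
+* user options
+*/
+export function noSniff (options: ContentTypeSniffingOptions) {
+if (!options.enabled) {
+return function noSniffMiddlewareFn (_ctx: HttpContextContract) {
+}
+}
+
+return function noSniffMiddlewareFn ({ response }: HttpContextContract) {
+response.header('X-Content-Type-Options', 'nosniff')
+}
+}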
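Review bot: The doc comment on `noSniff` does not say what the header is for or what it relies on. `X-Content-Type-Options: nosniff` tells browsers not to MIME-sniff a response away from its declared type, so it only helps when handlers send an accurate `Content-Type`. I would add that to the comment, and also state that `enabled: false` returns a no-op middleware, meaning the header is left off the response entirely. The factory also has no declared return type; adding `: (ctx: HttpContextContract) => void` to the signature would pin the middleware contract for both branches.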
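--- a/test/no-sniff.spec.ts
+++ b/test/no-sniff.spec.ts
@@ -0,0 +1,30 @@
+/*
+* @adonisjs/shield
+*
+* (c) Harminder Virk <virk@adonisjs.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+import test from 'japa'
+import { HttpContext } from '@adonisjs/http-server/build/standalone'
+import { noSniff } from '../src/noSniff'
+
+test.group('No Sniff', () => {
+test('return noop function when enabled is false', (assert) => {
+const middlewareFn = noSniff({ enabled: false })
+const ctx = HttpContext.create('/', {}, {}, {}, {})
+middlewareFn(ctx)
+
+assert.isUndefined(ctx.response.getHeader('X-Content-Type-Options'))
+})
+
+test('set X-Content-Type-Options header', (assert) => {
+const middlewareFn = noSniff({ enabled: true })
+const ctx = HttpContext.create('/', {}, {}, {}, {})
+middlewareFn(ctx)
+
+assert.equal(ctx.response.getHeader('X-Content-Type-Options'), 'nosniff')
+})
+})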
