wikijs-fork/server/middlewares/security.js

'use strict'

/**
 * Security Middleware
 *
 * @param      {Express Request}   req     Express request object
 * @param      {Express Response}  res     Express response object
 * @param      {Function}          next    next callback function
 * @return     {any}               void
 */
module.exports = function (req, res, next) {
  // -> Disable X-Powered-By
  req.app.disable('x-powered-by')

  // -> Disable Frame Embedding
  res.set('X-Frame-Options', 'deny')

  // -> Re-enable XSS Fitler if disabled
  res.set('X-XSS-Protection', '1; mode=block')

  // -> Disable MIME-sniffing
  res.set('X-Content-Type-Options', 'nosniff')

  // -> Disable IE Compatibility Mode
  res.set('X-UA-Compatible', 'IE=edge')

  // -> Disables referrer header when navigating to a different origin
  res.set('Referrer-Policy', 'same-origin')

  return next()
}
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`'use strict'`

Base Project Files 2016-08-17 00:56:55 +00:00			`/**`
			`* Security Middleware`
			`*`
			`* @param {Express Request} req Express request object`
			`* @param {Express Response} res Express response object`
			`* @param {Function} next next callback function`
			`* @return {any} void`
			`*/`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`module.exports = function (req, res, next) {`
			`// -> Disable X-Powered-By`
feat: GraphQL base implementation 2017-07-25 02:37:13 +00:00			`req.app.disable('x-powered-by')`
Base Project Files 2016-08-17 00:56:55 +00:00
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`// -> Disable Frame Embedding`
			`res.set('X-Frame-Options', 'deny')`
Base Project Files 2016-08-17 00:56:55 +00:00
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`// -> Re-enable XSS Fitler if disabled`
			`res.set('X-XSS-Protection', '1; mode=block')`
Base Project Files 2016-08-17 00:56:55 +00:00
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`// -> Disable MIME-sniffing`
			`res.set('X-Content-Type-Options', 'nosniff')`
Base Project Files 2016-08-17 00:56:55 +00:00
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`// -> Disable IE Compatibility Mode`
			`res.set('X-UA-Compatible', 'IE=edge')`
Base Project Files 2016-08-17 00:56:55 +00:00
Added Referrer Policy 2017-10-13 03:24:48 +00:00			`// -> Disables referrer header when navigating to a different origin`
			`res.set('Referrer-Policy', 'same-origin')`
Base Project Files 2016-08-17 00:56:55 +00:00
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`return next()`
			`}`