wikijs-fork/server/middlewares/security.js

32 lines
846 B
JavaScript
Raw Normal View History

2017-02-09 01:52:37 +00:00
'use strict'
2016-08-17 00:56:55 +00:00
/**
* Security Middleware
*
* @param {Express Request} req Express request object
* @param {Express Response} res Express response object
* @param {Function} next next callback function
* @return {any} void
*/
2017-02-09 01:52:37 +00:00
module.exports = function (req, res, next) {
// -> Disable X-Powered-By
2017-07-25 02:37:13 +00:00
req.app.disable('x-powered-by')
2016-08-17 00:56:55 +00:00
2017-02-09 01:52:37 +00:00
// -> Disable Frame Embedding
res.set('X-Frame-Options', 'deny')
2016-08-17 00:56:55 +00:00
2017-02-09 01:52:37 +00:00
// -> Re-enable XSS Fitler if disabled
res.set('X-XSS-Protection', '1; mode=block')
2016-08-17 00:56:55 +00:00
2017-02-09 01:52:37 +00:00
// -> Disable MIME-sniffing
res.set('X-Content-Type-Options', 'nosniff')
2016-08-17 00:56:55 +00:00
2017-02-09 01:52:37 +00:00
// -> Disable IE Compatibility Mode
res.set('X-UA-Compatible', 'IE=edge')
2016-08-17 00:56:55 +00:00
2017-10-13 03:24:48 +00:00
// -> Disables referrer header when navigating to a different origin
res.set('Referrer-Policy', 'same-origin')
2016-08-17 00:56:55 +00:00
2017-02-09 01:52:37 +00:00
return next()
}