2017-02-09 01:52:37 +00:00
|
|
|
'use strict'
|
|
|
|
|
2017-04-02 23:56:47 +00:00
|
|
|
/* global app */
|
|
|
|
|
2016-08-17 00:56:55 +00:00
|
|
|
/**
|
|
|
|
* Security Middleware
|
|
|
|
*
|
|
|
|
* @param {Express Request} req Express request object
|
|
|
|
* @param {Express Response} res Express response object
|
|
|
|
* @param {Function} next next callback function
|
|
|
|
* @return {any} void
|
|
|
|
*/
|
2017-02-09 01:52:37 +00:00
|
|
|
module.exports = function (req, res, next) {
|
|
|
|
// -> Disable X-Powered-By
|
|
|
|
app.disable('x-powered-by')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Disable Frame Embedding
|
|
|
|
res.set('X-Frame-Options', 'deny')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Re-enable XSS Fitler if disabled
|
|
|
|
res.set('X-XSS-Protection', '1; mode=block')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Disable MIME-sniffing
|
|
|
|
res.set('X-Content-Type-Options', 'nosniff')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Disable IE Compatibility Mode
|
|
|
|
res.set('X-UA-Compatible', 'IE=edge')
|
2017-10-14 18:32:57 +00:00
|
|
|
|
2017-10-13 03:24:48 +00:00
|
|
|
// -> Disables referrer header when navigating to a different origin
|
|
|
|
res.set('Referrer-Policy', 'same-origin')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
return next()
|
|
|
|
}
|