2017-02-09 01:52:37 +00:00
|
|
|
'use strict'
|
|
|
|
|
2016-08-17 00:56:55 +00:00
|
|
|
/**
|
|
|
|
* Security Middleware
|
|
|
|
*
|
|
|
|
* @param {Express Request} req Express request object
|
|
|
|
* @param {Express Response} res Express response object
|
|
|
|
* @param {Function} next next callback function
|
|
|
|
* @return {any} void
|
|
|
|
*/
|
2017-02-09 01:52:37 +00:00
|
|
|
module.exports = function (req, res, next) {
|
|
|
|
// -> Disable X-Powered-By
|
2017-07-25 02:37:13 +00:00
|
|
|
req.app.disable('x-powered-by')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Disable Frame Embedding
|
|
|
|
res.set('X-Frame-Options', 'deny')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Re-enable XSS Fitler if disabled
|
|
|
|
res.set('X-XSS-Protection', '1; mode=block')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Disable MIME-sniffing
|
|
|
|
res.set('X-Content-Type-Options', 'nosniff')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
// -> Disable IE Compatibility Mode
|
|
|
|
res.set('X-UA-Compatible', 'IE=edge')
|
2016-08-17 00:56:55 +00:00
|
|
|
|
2017-02-09 01:52:37 +00:00
|
|
|
return next()
|
|
|
|
}
|