wikijs-fork/middlewares/security.js
2016-08-16 20:56:55 -04:00

28 lines
703 B
JavaScript

/**
* Security Middleware
*
* @param {Express Request} req Express request object
* @param {Express Response} res Express response object
* @param {Function} next next callback function
* @return {any} void
*/
module.exports = function(req, res, next) {
//-> Disable X-Powered-By
app.disable('x-powered-by');
//-> Disable Frame Embedding
res.set('X-Frame-Options', 'deny');
//-> Re-enable XSS Fitler if disabled
res.set('X-XSS-Protection', '1; mode=block');
//-> Disable MIME-sniffing
res.set('X-Content-Type-Options', 'nosniff');
//-> Disable IE Compatibility Mode
res.set('X-UA-Compatible', 'IE=edge');
return next();
};