harden server with helmet extensions
parent
212312135e
commit
8a59759095
2 changed files with 20 additions and 1 deletions
|
@ -4,6 +4,9 @@ import * as AccessControl from 'express-ip-access-control';
|
|||
import * as compression from 'compression';
|
||||
import * as helmet from 'helmet';
|
||||
import * as opbeat from 'opbeat';
|
||||
import * as expectCt from 'expect-ct';
|
||||
import * as referrerPolicy from 'referrer-policy';
|
||||
|
||||
|
||||
import logging from './middleware/logging';
|
||||
import basicAuthHandler from './middleware/basic-auth';
|
||||
|
@ -12,11 +15,25 @@ import handle404 from './middleware/404';
|
|||
|
||||
import { Options } from './types';
|
||||
|
||||
const PKG = require('../package.json');
|
||||
|
||||
export default function createServer(opts : Options) : express.Application {
|
||||
const app = express();
|
||||
|
||||
app.disable('x-powered-by');
|
||||
app.use(helmet());
|
||||
app.use(helmet.hidePoweredBy({setTo: `tstatic ${PKG.version}`}));
|
||||
app.use(helmet.ieNoOpen());
|
||||
app.use(helmet.noCache());
|
||||
app.use(referrerPolicy({ policy: 'same-origin' }));
|
||||
app.use(expectCt({
|
||||
enforce: false,
|
||||
maxAge: 1000
|
||||
}));
|
||||
app.use(helmet.hsts({
|
||||
maxAge: 5184000,
|
||||
setIf: (req, res) => req.secure,
|
||||
}));
|
||||
|
||||
if (process.env.NODE_ENV !== 'test') {
|
||||
app.use(logging);
|
||||
}
|
||||
|
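Review bot: `app.use(helmet.hidePoweredBy({setTo: \`tstatic ${PKG.version}\`}))` re-advertises the server software and its exact version in X-Powered-By immediately after `app.disable('x-powered-by')` and `helmet()` have removed it, which undoes the fingerprinting reduction this commit is aiming for; prefer `app.use(helmet.hidePoweredBy());` or drop the line entirely, since the default `helmet()` already covers it. The HSTS `setIf: (req, res) => req.secure` only fires when Express itself sees the connection as TLS, so behind a TLS-terminating proxy `req.secure` stays false unless `trust proxy` is configured — nothing in the hunk sets it, so this is worth confirming or documenting with a comment such as `// HSTS relies on req.secure; set 'trust proxy' when behind a TLS-terminating proxy`. `expectCt({ enforce: false, maxAge: 1000 })` sets no `reportUri`, so in report-only mode the header has no observable effect; either add a report endpoint or note why it is intentionally inert. The body of createServer continues past the end of the hunk.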
|
2
src/types/fakes.d.ts
vendored
|
@ -10,3 +10,5 @@ declare module 'docopt';
|
|||
declare module 'open';
|
||||
declare module 'node-fetch';
|
||||
declare module 'chai';
|
||||
declare module 'expect-ct';
|
||||
declare module 'referrer-policy';
|
||||
|
|