
index.js

  • index.js 3.72 KiB
    
    module.exports = function(options) {
      return function(req, res, next) {
        if(!options) options = {}
    
        if (typeof options.CacheControl === 'undefined') {
          options.CacheControl = 'no-cache, no-store, must-revalidate'
        }
        if (options.CacheControl !== false) {
          res.set('Cache-Control', options.CacheControl)
        }
    
        if (typeof options.Pragma === 'undefined') {
          options.Pragma = 'no-cache'
        }
        if (options.Pragma !== false) {
          res.set('Pragma', options.Pragma)
        }
    
        if (typeof options.Expires === 'undefined') {
          options.Expires = '0'
        }
        if (options.Expires !== false) {
          res.set('Expires', options.Expires)
        }
    
        if (typeof options.ContentSecurityPolicy === 'undefined') {
          options.ContentSecurityPolicy = 'default-src \'self\'; frame-ancestors \'none\''
        }
        if (options.ContentSecurityPolicy !== false) {
          res.set('Content-Security-Policy', options.ContentSecurityPolicy )
        }
    
        if (typeof options.XXSSProtection === 'undefined') {
          options.XXSSProtection = '1; mode=block'
        }
        if (options.XXSSProtection !== false) {
          res.set('X-XSS-Protection', options.XXSSProtection)
        }
    
        if (typeof options.XDNSPrefetchControl === 'undefined') {
          options.XDNSPrefetchControl = 'off'
        }
        if (options.XDNSPrefetchControl !== false) {
          res.set('X-DNS-Prefetch-Control', options.XDNSPrefetchControl)
        }
    
        if (typeof options.ExpectCT === 'undefined') {
          options.ExpectCT = 'enforce; max-age=30; report-uri="/_report"'
        }
        if (options.ExpectCT !== false) {
          res.set('Expect-CT', options.ExpectCT)
        }
    
        if (typeof options.XFrameOptions === 'undefined') {
          options.XFrameOptions = 'deny'
        }
        if (options.XFrameOptions !== false) {
          res.set('X-Frame-Options', options.XFrameOptions)
        }
    
        if (typeof options.XPoweredBy === 'undefined') {
          options.XPoweredBy = true
        }
        if (options.XPoweredBy !== false) {
          res.removeHeader('X-Powered-By')
        }
    
        if (typeof options.StrictTransportSecurity === 'undefined') {
          options.StrictTransportSecurity = 'max-age=30'