set some http security headers

2023-05-03 10:42:32 +02:00 · 2023-05-03 10:42:32 +02:00 · fcf98a8b4f
commit fcf98a8b4f
parent 03a6a46f55
1 changed files with 6 additions and 1 deletions
--- a/server.js
+++ b/server.js
@ -270,6 +270,12 @@ const hstsMiddleware = hsts({
 })

 app.use((req, res, next) => {
+    res.set("x-powered-by", "ipost");
+    res.set("X-Frame-Options","DENY");
+    res.set("X-XSS-Protection","1; mode=block");
+    res.set("X-Content-Type-Options","nosniff");
+    res.set("Referrer-Policy","no-referrer");
+
    if (req.secure) {
      hstsMiddleware(req, res, next)
    } else {
@ -319,7 +325,6 @@ app.use((req, res, next) => {
 });

 app.use("/*", function (req, res, next) {
-    res.set("x-powered-by", "ipost");
    for (let i = 0; i < blocked_headers.length; i++) {
        if (req.header(blocked_headers[i]) !== undefined) {
            res.json({ "error": "we don't allow proxies on our website." });