From fcf98a8b4f5334f876f2353979c84f34a2189236 Mon Sep 17 00:00:00 2001
From: none
Date: Wed, 3 May 2023 10:42:32 +0200
Subject: [PATCH] set some http security headers
---
 server.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/server.js b/server.js
index c58e641..47d8c34 100644
--- a/server.js
+++ b/server.js
@@ -270,6 +270,12 @@ const hstsMiddleware = hsts({
 })
 app.use((req, res, next) => {
+ res.set("x-powered-by", "ipost");
+ res.set("X-Frame-Options","DENY");
+ res.set("X-XSS-Protection","1; mode=block");
+ res.set("X-Content-Type-Options","nosniff");
+ res.set("Referrer-Policy","no-referrer");
+
 if (req.secure) {
 hstsMiddleware(req, res, next)
 } else {
@@ -319,7 +325,6 @@ app.use((req, res, next) => {
 });
 app.use("/*", function (req, res, next) {
- res.set("x-powered-by", "ipost");
 for (let i = 0; i < blocked_headers.length; i++) {
 if (req.header(blocked_headers[i]) !== undefined) {
 res.json({ "error": "we don't allow proxies on our website." });
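Review bot: The added `res.set("X-XSS-Protection","1; mode=block");` switches on the legacy browser XSS auditor, which current browsers have removed and which OWASP's header guidance recommends disabling, because its filtering could itself be turned against a page in older browsers. I would send `res.set("X-XSS-Protection","0");` instead. None of the five added headers restricts where scripts may load from, so real XSS mitigation would need a `Content-Security-Policy` header, whose `frame-ancestors 'none'` directive is also the standard successor to `X-Frame-Options: DENY` (keeping both covers older clients). The middleware body continues past the end of the hunk, so I cannot see whether any later branch overrides these headers.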