code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

set some http security headers

Browse Source
This commit is contained in:
none 2023-05-03 10:42:32 +02:00
parent 03a6a46f55
commit fcf98a8b4f
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server.js
View File

@ -270,6 +270,12 @@ const hstsMiddleware = hsts({
}) })
app.use((req, res, next) => { app.use((req, res, next) => {
res.set("x-powered-by", "ipost");
res.set("X-Frame-Options","DENY");
res.set("X-XSS-Protection","1; mode=block");
res.set("X-Content-Type-Options","nosniff");
res.set("Referrer-Policy","no-referrer");
if (req.secure) { if (req.secure) {
hstsMiddleware(req, res, next) hstsMiddleware(req, res, next)
} else { } else {
@ -319,7 +325,6 @@ app.use((req, res, next) => {
}); });
app.use("/*", function (req, res, next) { app.use("/*", function (req, res, next) {
res.set("x-powered-by", "ipost");
for (let i = 0; i < blocked_headers.length; i++) { for (let i = 0; i < blocked_headers.length; i++) {
if (req.header(blocked_headers[i]) !== undefined) { if (req.header(blocked_headers[i]) !== undefined) {
res.json({ "error": "we don't allow proxies on our website." }); res.json({ "error": "we don't allow proxies on our website." });