How to use the lusca.hsts function in lusca

To help you get started, we’ve selected a few lusca examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github avoidwork / tenso / src / utility.js View on Github external
luscaCsp = lusca.csp(config.security.csp);
		obj.server.use(luscaCsp).blacklist(luscaCsp);
	}

	if (!isEmpty(config.security.xframe || "")) {
		luscaXframe = lusca.xframe(config.security.xframe);
		obj.server.use(luscaXframe).blacklist(luscaXframe);
	}

	if (!isEmpty(config.security.p3p || "")) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.server.use(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.server.use(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection instanceof Object) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
	}

	// Can fork to `middleware.keymaster()`
	obj.server.use(middleware.zuul).blacklist(middleware.zuul);

	if (stateless && !stateful) {
		init(false);
	} else {
		init(true);
github avoidwork / tenso / lib / utility.js View on Github external
luscaCsp = lusca.csp(config.security.csp);
		obj.always(luscaCsp).blacklist(luscaCsp);
	}

	if (isEmpty(config.security.xframe || "") === false) {
		luscaXframe = lusca.xframe(config.security.xframe);
		obj.always(luscaXframe).blacklist(luscaXframe);
	}

	if (isEmpty(config.security.p3p || "") === false) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.always(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.always(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.always(luscaXssProtection).blacklist(luscaXssProtection);
	}

	if (config.security.nosniff) {
		luscaNoSniff = lusca.nosniff();
		obj.always(luscaNoSniff).blacklist(luscaNoSniff);
	}

	// Can fork to `middleware.keymaster()`
	obj.always(middleware.zuul).blacklist(middleware.zuul);
github jhwohlgemuth / tomo-cli / dist / commands / create-server / templates / server.js View on Github external
try {
                const html = md.render(str);
                fn(null, html);
            } catch (err) {
                fn(err);
            }
        });
    })
    .set('view engine', 'html')
    .set('views', `${__dirname}/public`)
    .use(session(config.get('session')))
    .use(setCsrfHeader)
    .disable('x-powered-by') // Do not advertise Express
    // .use(lusca.csrf()) // Cross Site Request Forgery
    // .use(lusca.csp({policy: config.csp})) // Content Security Policy
    .use(lusca.hsts({maxAge: 31536000}))
    .use(lusca.xssProtection(true))
    .use(helmet.noSniff())
    .use(helmet.ieNoOpen())
    .use(helmet.referrerPolicy({policy: 'no-referrer'}))
    .use(compress()) // Use gzip compression
    .use(express.static(__dirname)); // Serve static files
app.get('/', verifyCsrfHeader, (req, res) => {
    res.render('index', {
        message: 'The server is functioning properly!'
    });
});
app.get('/:page.md', verifyCsrfHeader, (req, res) => {
    const {page} = req.params;
    res.render(`${page}.md`);
});
github avoidwork / tenso / lib / tenso.es6.js View on Github external
luscaCsp = lusca.csp(config.security.csp);
		obj.server.use(luscaCsp).blacklist(luscaCsp);
	}

	if (!string.isEmpty(config.security.xframe || "")) {
		luscaXframe = lusca.xframe(config.security.xframe);
		obj.server.use(luscaXframe).blacklist(luscaXframe);
	}

	if (!string.isEmpty(config.security.p3p || "")) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.server.use(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.server.use(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection instanceof Object) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
	}

	protection = zuul(config.auth.protect);
	obj.server.use(protection).blacklist(protection);

	if (stateless && !stateful) {
		init(false);
	} else {
		init(true);
github omahajs / generator-omaha / generators / server / templates / _server.js View on Github external
fn(err);
              }
        });
    })
    .set('views', __dirname + '/markdown')
    .set('view engine', 'md')
    .use(session(config.get('session')))
    .use(function (req, res, next) {
        res.set('X-CSRF', config.get('session').secret);
        return next();
    })
    .disable('x-powered-by')                /** Do not advertise Express **/
    .use(lusca.csrf())                      /** Cross Site Request Forgery **/
    .use(lusca.csp({policy: config.csp}))   /** Content Security Policy **/
    .use(lusca.xframe('SAMEORIGIN'))        /** Helps prevent Clickjacking **/
    .use(lusca.hsts({ maxAge: 31536000 }))
    .use(lusca.xssProtection(true))
    .use(helmet.noSniff())
    .use(helmet.ieNoOpen())
    .use(helmet.publicKeyPins({
        maxAge: NINETY_DAYS_IN_MILLISECONDS,
        sha256s: ['base64==', 'base64=='],  /** Needs to be changed **/
        includeSubdomains: true
    }))
    .use(compress())                        /** Use gzip compression **/
    .use(express.static(__dirname));        /** Serve static files **/
app.get('/', function(req, res) {
    if (res.get('X-CSRF') === config.get('session').secret) {
        res.redirect('/client');
    } else {
        res.status(412).end();
    }

lusca

Application security for express.

Unrecognized
Latest version published 4 years ago

Package Health Score

57 / 100
Full package analysis