How to use the lusca.xframe function in lusca

To help you get started, we’ve selected a few lusca examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github adamalawrence / Ostia / app.js View on Github external
url: process.env.MONGODB_URI || process.env.MONGOLAB_URI,
    autoReconnect: true,
    clear_interval: 3600
  })
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
app.use((req, res, next) => {
  if (req.path === '/api/upload') {
    next();
  } else {
    lusca.csrf()(req, res, next);
  }
});
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));
app.use((req, res, next) => {
  res.locals.user = req.user;
  next();
});
app.use((req, res, next) => {
  // After successful login, redirect back to the intended page
  if (!req.user &&
      req.path !== '/login' &&
      req.path !== '/signup' &&
      !req.path.match(/^\/auth/) &&
      !req.path.match(/\./)) {
    req.session.returnTo = req.path;
  } else if (req.user &&
      req.path === '/account') {
    req.session.returnTo = req.path;
github jaygould / preact-jwt-apollo-boilerplate / server / index.js View on Github external
//Route handlers
const authApi = require('./controllers/auth.api');

//Create server
const app = express();

//Express configuration
app.set('port', process.env.PORT || process.env.OPENSHIFT_NODEJS_PORT || 1139);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
app.use(compression());
app.use(morgan('dev'));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(cors());
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));
app.use(
	express.static(path.join(__dirname, '../app', 'build'), {
		maxAge: 31557600000
	})
);

//Error handler
app.use(errorHandler());

//DB setup
mongoUtil.connectToServer(err => {
	if (err) return console.log(err);
});

//GraphQL setup
github avoidwork / tenso / lib / utility.js View on Github external
obj.always(fnCookie).blacklist(fnCookie);
		obj.always(middleware.bypass).blacklist(middleware.bypass);

		if (config.security.csrf) {
			luscaCsrf = lusca.csrf({key: config.security.key, secret: config.security.secret});
			obj.always(csrfWrapper).blacklist(csrfWrapper);
		}
	}

	if (config.security.csp instanceof Object) {
		luscaCsp = lusca.csp(config.security.csp);
		obj.always(luscaCsp).blacklist(luscaCsp);
	}

	if (isEmpty(config.security.xframe || "") === false) {
		luscaXframe = lusca.xframe(config.security.xframe);
		obj.always(luscaXframe).blacklist(luscaXframe);
	}

	if (isEmpty(config.security.p3p || "") === false) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.always(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.always(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.always(luscaXssProtection).blacklist(luscaXssProtection);
github vellengs / typerx / packages / server / dist / application.js View on Github external
const staticSrc = path.resolve(process.cwd(), 'public');
        this.app.use(express.static(staticSrc, { maxAge: 31557600000 }));
        this.app.use(cors());
        this.app.use(session({
            resave: true,
            saveUninitialized: true,
            secret: secrets_1.SESSION_SECRET,
            store: new MongoStore({
                url: secrets_1.MONGODB_URI,
                autoReconnect: true,
            }),
        }));
        this.app.use(expressValidator());
        this.app.use(passport.initialize());
        this.app.use(passport.session());
        this.app.use(lusca.xframe('SAMEORIGIN'));
        this.app.use(lusca.xssProtection(true));
        this.app.use((req, res, next) => {
            res.on('finish', () => {
                logger.debug(res.statusCode && res.statusCode.toString(), req.method, req.originalUrl);
            });
            next();
        });
    }
    handerErrors() {
github avoidwork / tenso / src / utility.js View on Github external
obj.server.use(fnCookie).blacklist(fnCookie);
		obj.server.use(middleware.bypass).blacklist(middleware.bypass);

		if (config.security.csrf) {
			luscaCsrf = lusca.csrf({key: config.security.key, secret: config.security.secret});
			obj.server.use(csrfWrapper).blacklist(csrfWrapper);
		}
	}

	if (config.security.csp instanceof Object) {
		luscaCsp = lusca.csp(config.security.csp);
		obj.server.use(luscaCsp).blacklist(luscaCsp);
	}

	if (!isEmpty(config.security.xframe || "")) {
		luscaXframe = lusca.xframe(config.security.xframe);
		obj.server.use(luscaXframe).blacklist(luscaXframe);
	}

	if (!isEmpty(config.security.p3p || "")) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.server.use(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.server.use(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection instanceof Object) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
github avoidwork / tenso / lib / tenso.es6.js View on Github external
obj.server.use(fnCookie).blacklist(fnCookie);
		obj.server.use(bypass).blacklist(bypass);

		if (config.security.csrf) {
			luscaCsrf = lusca.csrf({key: config.security.key, secret: config.security.secret});
			obj.server.use(csrfWrapper).blacklist(csrfWrapper);
		}
	}

	if (config.security.csp instanceof Object) {
		luscaCsp = lusca.csp(config.security.csp);
		obj.server.use(luscaCsp).blacklist(luscaCsp);
	}

	if (!string.isEmpty(config.security.xframe || "")) {
		luscaXframe = lusca.xframe(config.security.xframe);
		obj.server.use(luscaXframe).blacklist(luscaXframe);
	}

	if (!string.isEmpty(config.security.p3p || "")) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.server.use(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.server.use(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection instanceof Object) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
github vellengs / typerx / packages / server / src / application.ts View on Github external
this.app.use(
      session({
        resave: true,
        saveUninitialized: true,
        secret: SESSION_SECRET,
        store: new MongoStore({
          url: MONGODB_URI,
          autoReconnect: true,
        }),
      }),
    );

    this.app.use(expressValidator());
    this.app.use(passport.initialize());
    this.app.use(passport.session());
    this.app.use(lusca.xframe('SAMEORIGIN'));
    this.app.use(lusca.xssProtection(true));
    this.app.use((req, res, next) => {
      res.on('finish', () => {
        logger.debug(
          res.statusCode && res.statusCode.toString(),
          req.method,
          req.originalUrl,
        );
      });
      next();
    });
  }

lusca

Application security for express.

Unrecognized
Latest version published 4 years ago

Package Health Score

57 / 100
Full package analysis