

/* global WIKI */
/**
 * Security Middleware
 *
 * Applies the response-hardening headers selected in `WIKI.config.security`
 * to every request, normalises the request path when open-redirect
 * protection is on, and then hands control to the next handler.
 *
 * @param {import('express').Request} req Express request object
 * @param {import('express').Response} res Express response object
 * @param {Function} next next callback function
 * @return {any} void (result of `next()`)
 */
module.exports = function (req, res, next) {
  const security = WIKI.config.security

  // -> Disable X-Powered-By (removes the framework banner used for fingerprinting)
  req.app.disable('x-powered-by')

  // -> Disable Frame Embedding (clickjacking protection) when configured
  if (security.securityIframe) {
    res.set('X-Frame-Options', 'deny')
  }

  // Headers that are always sent, in the order the middleware has always emitted them:
  //  - X-XSS-Protection: re-enables the legacy browser XSS filter if it was disabled
  //  - X-Content-Type-Options: disables MIME-sniffing
  //  - X-UA-Compatible: disables IE compatibility mode
  const unconditionalHeaders = [
    ['X-XSS-Protection', '1; mode=block'],
    ['X-Content-Type-Options', 'nosniff'],
    ['X-UA-Compatible', 'IE=edge']
  ]
  for (const [headerName, headerValue] of unconditionalHeaders) {
    res.set(headerName, headerValue)
  }

  // -> Suppress the Referer header when navigating to a different origin
  if (security.securityReferrerPolicy) {
    res.set('Referrer-Policy', 'same-origin')
  }

  // -> Enforce HSTS; the max-age comes straight from config (no validation here)
  if (security.securityHSTS) {
    const hstsValue = `max-age=${security.securityHSTSDuration}; includeSubDomains`
    res.set('Strict-Transport-Security', hstsValue)
  }

  // -> Prevent Open Redirect from a user-provided URL by collapsing every run
  //    of repeated '/' into a single '/' (so a leading '//host' becomes '/host').
  //    NOTE(review): req.url includes the query string, so '//' inside a
  //    URL-valued query parameter is collapsed as well — confirm that is intended.
  if (security.securityOpenRedirect) {
    const collapsedUrl = req.url.replace(/(\/)(?=\/*\1)/g, '')
    req.url = collapsedUrl
  }

  return next()
}