bravo68web
/
safe.b68dev.xyz
mirror of https://github.com/BRAVO68WEB/safe.b68dev.xyz.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat: allow helmet to be disabled entirely 

by setting the config value into an empty object

if otherwise falsy value, old behavior will still be used for
backwards-compatibility
This commit is contained in:
Bobby 2022-04-30 12:01:12 +07:00
parent 51d4bf954a
commit 007ad3ddc0
No known key found for this signature in database
GPG Key ID: 941839794CBF5A09
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lolisafe.js
View File

@ -54,22 +54,27 @@ const db = require('knex')(config.database)
const isDevMode = process.env.NODE_ENV === 'development'
// Helmet security headers
if (config.helmet instanceof Object && Object.keys(config.helmet).length) {
safe.use(helmet(config.helmet))
if (config.helmet instanceof Object) {
// If an empty object, simply do not use Helmet
if (Object.keys(config.helmet).length) {
safe.use(helmet(config.helmet))
}
} else {
// Fallback to old behavior when the whole helmet option was not configurable from the config file
safe.use(helmet({
const defaults = {
contentSecurityPolicy: false,
crossOriginEmbedderPolicy: false,
crossOriginOpenerPolicy: false,
crossOriginResourcePolicy: false,
hsts: false,
originAgentCluster: false
}))
}
if (config.hsts instanceof Object && Object.keys(config.hsts).length) {
safe.use(helmet.hsts(config.hsts))
defaults.hsts = config.hsts
}
safe.use(helmet(defaults))
}
if (config.trustProxy) {