Add helmetjs for security
parent
acb129899d
commit
9210a94163
2 changed files with 12 additions and 0 deletions
11
app.js
11
app.js
|
@ -1,5 +1,6 @@
|
|||
"use strict";
|
||||
var express = require('express');
|
||||
var helmet = require('helmet');
|
||||
var path = require('path');
|
||||
var favicon = require('serve-favicon');
|
||||
var logger = require('morgan');
|
||||
|
@ -18,6 +19,7 @@ app.set('view engine', 'ejs');
|
|||
|
||||
// uncomment after placing your favicon in /public
|
||||
//app.use(favicon(__dirname + '/public/favicon.ico'));
|
||||
app.use(helmet());
|
||||
app.use(logger('dev'));
|
||||
app.use(bodyParser.json());
|
||||
app.use(bodyParser.urlencoded({ extended: false }));
|
||||
|
@ -30,6 +32,15 @@ app.use(session({
|
|||
app.use(flash());
|
||||
app.use(express.static(path.join(__dirname, 'public')));
|
||||
|
||||
// force SSL
|
||||
app.get('*', function(req,res,next) {
|
||||
if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] != 'https') {
|
||||
res.redirect(req.headers['host'] + req.url);
|
||||
} else {
|
||||
next();
|
||||
}
|
||||
});
|
||||
|
||||
app.use('/', routes);
|
||||
|
||||
// catch 404 and forward to error handler
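Review bot: In the `// force SSL` handler the redirect target has no scheme: `res.redirect(req.headers['host'] + req.url)` yields a relative Location, so a plain-HTTP request is sent to a path under the same HTTP origin instead of to HTTPS. The target is also built from the request's Host header, which the client controls; I would take the host from configuration and write `res.redirect(301, 'https://' + CANONICAL_HOST + req.url);` (CANONICAL_HOST is a placeholder for a configured value, not a name from this file). Because the handler is registered with `app.get` after `express.static` and the session middleware named in the hunk header, static files and non-GET requests are never redirected; registering it with `app.use` ahead of those would cover them. The condition also passes every request that carries no `x-forwarded-proto` header, which is only safe if all traffic arrives through the proxy that sets it.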
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
"ejs": "~0.8.5",
|
||||
"express": "~4.9.0",
|
||||
"express-session": "^1.9.2",
|
||||
"helmet": "^0.5.2",
|
||||
"morgan": "~1.3.0",
|
||||
"playmusic": "^1.1.0",
|
||||
"rdio": "^1.5.2",
|
||||
|
|