mirror of
https://github.com/taobataoma/meanTorrent.git
synced 2026-07-18 04:31:26 +02:00
Merge pull request #997 from yilenpan/feat/csrf
[feat] Added Lusca middleware for CSRF [fixes #828]
This commit is contained in:
13
config/env/default.js
vendored
13
config/env/default.js
vendored
@@ -28,6 +28,19 @@ module.exports = {
|
||||
// for obsecurity reasons
|
||||
sessionKey: 'sessionId',
|
||||
sessionCollection: 'sessions',
|
||||
// Lusca config
|
||||
csrf: {
|
||||
csrf: false,
|
||||
csp: { /* Content Security Policy object */},
|
||||
xframe: 'SAMEORIGIN',
|
||||
p3p: 'ABCDEF',
|
||||
hsts: {
|
||||
maxAge: 31536000, // Forces HTTPS for one year
|
||||
includeSubDomains: true,
|
||||
preload: true
|
||||
},
|
||||
xssProtection: true
|
||||
},
|
||||
logo: 'modules/core/client/img/brand/logo.png',
|
||||
favicon: 'modules/core/client/img/brand/favicon.ico',
|
||||
uploads: {
|
||||
|
||||
@@ -17,7 +17,8 @@ var config = require('../config'),
|
||||
helmet = require('helmet'),
|
||||
flash = require('connect-flash'),
|
||||
consolidate = require('consolidate'),
|
||||
path = require('path');
|
||||
path = require('path'),
|
||||
lusca = require('lusca');
|
||||
|
||||
/**
|
||||
* Initialize local variables
|
||||
@@ -122,6 +123,9 @@ module.exports.initSession = function (app, db) {
|
||||
collection: config.sessionCollection
|
||||
})
|
||||
}));
|
||||
|
||||
// Add Lusca CSRF Middleware
|
||||
app.use(lusca(config.csrf));
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -228,7 +232,7 @@ module.exports.init = function (db) {
|
||||
|
||||
// Initialize Express view engine
|
||||
this.initViewEngine(app);
|
||||
|
||||
|
||||
// Initialize Helmet security headers
|
||||
this.initHelmetHeaders(app);
|
||||
|
||||
|
||||
@@ -43,6 +43,7 @@
|
||||
"helmet": "~0.9.1",
|
||||
"jasmine-core": "~2.3.4",
|
||||
"lodash": "~3.10.0",
|
||||
"lusca": "~1.3.0",
|
||||
"method-override": "~2.3.3",
|
||||
"mocha": "~2.4.5",
|
||||
"mongoose": "~4.2.3",
|
||||
|
||||
Reference in New Issue
Block a user