Add helmet and other security-headers

2020-01-28 16:18:22 +01:00
parent c204eae9bb
commit 186e3d7f73
3 changed files with 168 additions and 0 deletions
--- a/server.js
+++ b/server.js
@@ -13,6 +13,31 @@ const mongoose = require("mongoose");
 const MongoStore = require("connect-mongo")(session);
 const cors = require("cors");

+const referrerPolicy = require("referrer-policy");
+const helmet = require("helmet");
+const featurePolicy = require("feature-policy");
+
+app.use(
+  featurePolicy({
+    features: {
+      fullscreen: ["*"],
+      //vibrate: ["'none'"],
+      payment: ["'none'"],
+      microphone: ["'none'"],
+      camera: ["'none'"],
+      speaker: ["*"],
+      syncXhr: ["'self'"]
+      //notifications: ["'self'"]
+    }
+  })
+);
+app.use(
+  helmet({
+    frameguard: false
+  })
+);
+app.use(referrerPolicy({ policy: "origin-when-cross-origin" }));
+
 app.use(cors());
 mongoose.promise = global.Promise;
 mongoose.connect("mongodb://localhost/vinlottis");