Add helmet and other security-headers
This commit is contained in:
Kasper Rynning-Tønnesen
140
package-lock.json
generated
140
package-lock.json
generated
@@ -1655,6 +1655,11 @@
|
||||
"integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=",
|
||||
"dev": true
|
||||
},
|
||||
"bowser": {
|
||||
"version": "2.8.1",
|
||||
"resolved": "https://registry.npmjs.org/bowser/-/bowser-2.8.1.tgz",
|
||||
"integrity": "sha512-FxxltGKqMHkVa3KtpA+kdnxH0caHPDewccyrK3vW1bsMw6Zco4vRPmMunowX0pXlDZqhxkKSpToADQI2Sk4OeQ=="
|
||||
},
|
||||
"brace-expansion": {
|
||||
"version": "1.1.11",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
|
||||
@@ -1965,6 +1970,11 @@
|
||||
"map-obj": "^1.0.0"
|
||||
}
|
||||
},
|
||||
"camelize": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/camelize/-/camelize-1.0.0.tgz",
|
||||
"integrity": "sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs="
|
||||
},
|
||||
"caniuse-api": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/caniuse-api/-/caniuse-api-3.0.0.tgz",
|
||||
@@ -2513,6 +2523,11 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"content-security-policy-builder": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/content-security-policy-builder/-/content-security-policy-builder-2.1.0.tgz",
|
||||
"integrity": "sha512-/MtLWhJVvJNkA9dVLAp6fg9LxD2gfI6R2Fi1hPmfjYXSahJJzcfvoeDOxSyp4NvxMuwWv3WMssE9o31DoULHrQ=="
|
||||
},
|
||||
"content-type": {
|
||||
"version": "1.0.4",
|
||||
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
|
||||
@@ -2891,6 +2906,11 @@
|
||||
"assert-plus": "^1.0.0"
|
||||
}
|
||||
},
|
||||
"dasherize": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/dasherize/-/dasherize-2.0.0.tgz",
|
||||
"integrity": "sha1-bYCcnNDPe7iVLYD8hPoT1H3bEwg="
|
||||
},
|
||||
"de-indent": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/de-indent/-/de-indent-1.0.2.tgz",
|
||||
@@ -3155,6 +3175,11 @@
|
||||
"safe-buffer": "^5.0.1"
|
||||
}
|
||||
},
|
||||
"dns-prefetch-control": {
|
||||
"version": "0.2.0",
|
||||
"resolved": "https://registry.npmjs.org/dns-prefetch-control/-/dns-prefetch-control-0.2.0.tgz",
|
||||
"integrity": "sha512-hvSnros73+qyZXhHFjx2CMLwoj3Fe7eR9EJsFsqmcI1bB2OBWL/+0YzaEaKssCHnj/6crawNnUyw74Gm2EKe+Q=="
|
||||
},
|
||||
"dns-txt": {
|
||||
"version": "2.0.2",
|
||||
"resolved": "https://registry.npmjs.org/dns-txt/-/dns-txt-2.0.2.tgz",
|
||||
@@ -3222,6 +3247,11 @@
|
||||
"domelementtype": "1"
|
||||
}
|
||||
},
|
||||
"dont-sniff-mimetype": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.1.0.tgz",
|
||||
"integrity": "sha512-ZjI4zqTaxveH2/tTlzS1wFp+7ncxNZaIEWYg3lzZRHkKf5zPT/MnEG6WL0BhHMJUabkh8GeU5NL5j+rEUCb7Ug=="
|
||||
},
|
||||
"dot-prop": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz",
|
||||
@@ -3583,6 +3613,11 @@
|
||||
"homedir-polyfill": "^1.0.1"
|
||||
}
|
||||
},
|
||||
"expect-ct": {
|
||||
"version": "0.2.0",
|
||||
"resolved": "https://registry.npmjs.org/expect-ct/-/expect-ct-0.2.0.tgz",
|
||||
"integrity": "sha512-6SK3MG/Bbhm8MsgyJAylg+ucIOU71/FzyFalcfu5nY19dH8y/z0tBJU0wrNBXD4B27EoQtqPF/9wqH0iYAd04g=="
|
||||
},
|
||||
"express": {
|
||||
"version": "4.17.1",
|
||||
"resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
|
||||
@@ -3806,6 +3841,11 @@
|
||||
"websocket-driver": ">=0.5.1"
|
||||
}
|
||||
},
|
||||
"feature-policy": {
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/feature-policy/-/feature-policy-0.4.0.tgz",
|
||||
"integrity": "sha512-SGAI4zDethorgbUdtHuL74gnIcjfHA4bZDgocR7SIz/Zu1sknKAHciaCbiClivfiW7he2V3HZ64UvE0/3Ai5mA=="
|
||||
},
|
||||
"figgy-pudding": {
|
||||
"version": "3.5.1",
|
||||
"resolved": "https://registry.npmjs.org/figgy-pudding/-/figgy-pudding-3.5.1.tgz",
|
||||
@@ -4000,6 +4040,11 @@
|
||||
"map-cache": "^0.2.2"
|
||||
}
|
||||
},
|
||||
"frameguard": {
|
||||
"version": "3.1.0",
|
||||
"resolved": "https://registry.npmjs.org/frameguard/-/frameguard-3.1.0.tgz",
|
||||
"integrity": "sha512-TxgSKM+7LTA6sidjOiSZK9wxY0ffMPY3Wta//MqwmX0nZuEHc8QrkV8Fh3ZhMJeiH+Uyh/tcaarImRy8u77O7g=="
|
||||
},
|
||||
"fresh": {
|
||||
"version": "0.5.2",
|
||||
"resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
|
||||
@@ -5037,12 +5082,67 @@
|
||||
"integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
|
||||
"dev": true
|
||||
},
|
||||
"helmet": {
|
||||
"version": "3.21.2",
|
||||
"resolved": "https://registry.npmjs.org/helmet/-/helmet-3.21.2.tgz",
|
||||
"integrity": "sha512-okUo+MeWgg00cKB8Csblu8EXgcIoDyb5ZS/3u0W4spCimeVuCUvVZ6Vj3O2VJ1Sxpyb8jCDvzu0L1KKT11pkIg==",
|
||||
"requires": {
|
||||
"depd": "2.0.0",
|
||||
"dns-prefetch-control": "0.2.0",
|
||||
"dont-sniff-mimetype": "1.1.0",
|
||||
"expect-ct": "0.2.0",
|
||||
"feature-policy": "0.3.0",
|
||||
"frameguard": "3.1.0",
|
||||
"helmet-crossdomain": "0.4.0",
|
||||
"helmet-csp": "2.9.4",
|
||||
"hide-powered-by": "1.1.0",
|
||||
"hpkp": "2.0.0",
|
||||
"hsts": "2.2.0",
|
||||
"ienoopen": "1.1.0",
|
||||
"nocache": "2.1.0",
|
||||
"referrer-policy": "1.2.0",
|
||||
"x-xss-protection": "1.3.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"depd": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
|
||||
"integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
|
||||
},
|
||||
"feature-policy": {
|
||||
"version": "0.3.0",
|
||||
"resolved": "https://registry.npmjs.org/feature-policy/-/feature-policy-0.3.0.tgz",
|
||||
"integrity": "sha512-ZtijOTFN7TzCujt1fnNhfWPFPSHeZkesff9AXZj+UEjYBynWNUIYpC87Ve4wHzyexQsImicLu7WsC2LHq7/xrQ=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"helmet-crossdomain": {
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/helmet-crossdomain/-/helmet-crossdomain-0.4.0.tgz",
|
||||
"integrity": "sha512-AB4DTykRw3HCOxovD1nPR16hllrVImeFp5VBV9/twj66lJ2nU75DP8FPL0/Jp4jj79JhTfG+pFI2MD02kWJ+fA=="
|
||||
},
|
||||
"helmet-csp": {
|
||||
"version": "2.9.4",
|
||||
"resolved": "https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.9.4.tgz",
|
||||
"integrity": "sha512-qUgGx8+yk7Xl8XFEGI4MFu1oNmulxhQVTlV8HP8tV3tpfslCs30OZz/9uQqsWPvDISiu/NwrrCowsZBhFADYqg==",
|
||||
"requires": {
|
||||
"bowser": "^2.7.0",
|
||||
"camelize": "1.0.0",
|
||||
"content-security-policy-builder": "2.1.0",
|
||||
"dasherize": "2.0.0"
|
||||
}
|
||||
},
|
||||
"hex-color-regex": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/hex-color-regex/-/hex-color-regex-1.1.0.tgz",
|
||||
"integrity": "sha512-l9sfDFsuqtOqKDsQdqrMRk0U85RZc0RtOR9yPI7mRVOa4FsR/BVnZ0shmQRM96Ji99kYZP/7hn1cedc1+ApsTQ==",
|
||||
"dev": true
|
||||
},
|
||||
"hide-powered-by": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/hide-powered-by/-/hide-powered-by-1.1.0.tgz",
|
||||
"integrity": "sha512-Io1zA2yOA1YJslkr+AJlWSf2yWFkKjvkcL9Ni1XSUqnGLr/qRQe2UI3Cn/J9MsJht7yEVCe0SscY1HgVMujbgg=="
|
||||
},
|
||||
"hmac-drbg": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz",
|
||||
@@ -5086,6 +5186,11 @@
|
||||
"wbuf": "^1.1.0"
|
||||
}
|
||||
},
|
||||
"hpkp": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/hpkp/-/hpkp-2.0.0.tgz",
|
||||
"integrity": "sha1-EOFCJk52IVpdMMROxD3mTe5tFnI="
|
||||
},
|
||||
"hsl-regex": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/hsl-regex/-/hsl-regex-1.0.0.tgz",
|
||||
@@ -5098,6 +5203,21 @@
|
||||
"integrity": "sha1-wc56MWjIxmFAM6S194d/OyJfnDg=",
|
||||
"dev": true
|
||||
},
|
||||
"hsts": {
|
||||
"version": "2.2.0",
|
||||
"resolved": "https://registry.npmjs.org/hsts/-/hsts-2.2.0.tgz",
|
||||
"integrity": "sha512-ToaTnQ2TbJkochoVcdXYm4HOCliNozlviNsg+X2XQLQvZNI/kCHR9rZxVYpJB3UPcHz80PgxRyWQ7PdU1r+VBQ==",
|
||||
"requires": {
|
||||
"depd": "2.0.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"depd": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
|
||||
"integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"html-comment-regex": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/html-comment-regex/-/html-comment-regex-1.1.2.tgz",
|
||||
@@ -5291,6 +5411,11 @@
|
||||
"resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz",
|
||||
"integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg=="
|
||||
},
|
||||
"ienoopen": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/ienoopen/-/ienoopen-1.1.0.tgz",
|
||||
"integrity": "sha512-MFs36e/ca6ohEKtinTJ5VvAJ6oDRAYFdYXweUnGY9L9vcoqFOU4n2ZhmJ0C4z/cwGZ3YIQRSB3XZ1+ghZkY5NQ=="
|
||||
},
|
||||
"iferr": {
|
||||
"version": "0.1.5",
|
||||
"resolved": "https://registry.npmjs.org/iferr/-/iferr-0.1.5.tgz",
|
||||
@@ -6479,6 +6604,11 @@
|
||||
"lower-case": "^1.1.1"
|
||||
}
|
||||
},
|
||||
"nocache": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/nocache/-/nocache-2.1.0.tgz",
|
||||
"integrity": "sha512-0L9FvHG3nfnnmaEQPjT9xhfN4ISk0A8/2j4M37Np4mcDesJjHgEUfgPhdCyZuFI954tjokaIj/A3NdpFNdEh4Q=="
|
||||
},
|
||||
"node-fetch": {
|
||||
"version": "2.6.0",
|
||||
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz",
|
||||
@@ -8167,6 +8297,11 @@
|
||||
"strip-indent": "^1.0.1"
|
||||
}
|
||||
},
|
||||
"referrer-policy": {
|
||||
"version": "1.2.0",
|
||||
"resolved": "https://registry.npmjs.org/referrer-policy/-/referrer-policy-1.2.0.tgz",
|
||||
"integrity": "sha512-LgQJIuS6nAy1Jd88DCQRemyE3mS+ispwlqMk3b0yjZ257fI1v9c+/p6SD5gP5FGyXUIgrNOAfmyioHwZtYv2VA=="
|
||||
},
|
||||
"regenerate": {
|
||||
"version": "1.4.0",
|
||||
"resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.0.tgz",
|
||||
@@ -10657,6 +10792,11 @@
|
||||
"async-limiter": "~1.0.0"
|
||||
}
|
||||
},
|
||||
"x-xss-protection": {
|
||||
"version": "1.3.0",
|
||||
"resolved": "https://registry.npmjs.org/x-xss-protection/-/x-xss-protection-1.3.0.tgz",
|
||||
"integrity": "sha512-kpyBI9TlVipZO4diReZMAHWtS0MMa/7Kgx8hwG/EuZLiA6sg4Ah/4TRdASHhRRN3boobzcYgFRUFSgHRge6Qhg=="
|
||||
},
|
||||
"xregexp": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/xregexp/-/xregexp-4.0.0.tgz",
|
||||
|
||||
@@ -21,6 +21,8 @@
|
||||
"express": "^4.17.1",
|
||||
"express-session": "^1.17.0",
|
||||
"extract-text-webpack-plugin": "^3.0.2",
|
||||
"feature-policy": "^0.4.0",
|
||||
"helmet": "^3.21.2",
|
||||
"moment": "^2.24.0",
|
||||
"mongoose": "^5.8.7",
|
||||
"node-fetch": "^2.6.0",
|
||||
@@ -29,6 +31,7 @@
|
||||
"passport-local": "^1.0.0",
|
||||
"passport-local-mongoose": "^6.0.1",
|
||||
"qrcode": "^1.4.4",
|
||||
"referrer-policy": "^1.2.0",
|
||||
"vue": "~2.6",
|
||||
"vue-analytics": "^5.22.1",
|
||||
"vue-router": "~3.0",
|
||||
|
||||
25
server.js
25
server.js
@@ -13,6 +13,31 @@ const mongoose = require("mongoose");
|
||||
const MongoStore = require("connect-mongo")(session);
|
||||
const cors = require("cors");
|
||||
|
||||
const referrerPolicy = require("referrer-policy");
|
||||
const helmet = require("helmet");
|
||||
const featurePolicy = require("feature-policy");
|
||||
|
||||
app.use(
|
||||
featurePolicy({
|
||||
features: {
|
||||
fullscreen: ["*"],
|
||||
//vibrate: ["'none'"],
|
||||
payment: ["'none'"],
|
||||
microphone: ["'none'"],
|
||||
camera: ["'none'"],
|
||||
speaker: ["*"],
|
||||
syncXhr: ["'self'"]
|
||||
//notifications: ["'self'"]
|
||||
}
|
||||
})
|
||||
);
|
||||
app.use(
|
||||
helmet({
|
||||
frameguard: false
|
||||
})
|
||||
);
|
||||
app.use(referrerPolicy({ policy: "origin-when-cross-origin" }));
|
||||
|
||||
app.use(cors());
|
||||
mongoose.promise = global.Promise;
|
||||
mongoose.connect("mongodb://localhost/vinlottis");
|
||||
|
||||
Reference in New Issue
Block a user