Commit a573c956 authored by Matija Obreza's avatar Matija Obreza

Express: CSP headers

parent 87686331
......@@ -54,13 +54,6 @@ app.get('/en/*', (req, res) => {
const redirectPath = oldPath.substr(3, oldPath.length);
res.redirect(301, `${config.frontendPath}${redirectPath}`);
});
// Handle sitemap.xml and references files
app.get('/sitemap*.xml', sitemap);
// Enable compression
app.use(compression());
// robots.txt
app.get('/robots.txt', robots);
// Redirect to api
app.use('/api', (req, res) => {
const url = req.url;
......@@ -73,6 +66,21 @@ app.use('/api', (req, res) => {
res.redirect(307, `${config.apiUrl}/api${url}`);
}
});
// Enable compression
app.use(compression());
// Add CSP headers
app.use((req, res, next) => {
res.header('X-Frame-Options', 'DENY');
res.header('Content-Security-Policy', 'frame-src \'none\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\';');
next();
});
// Handle sitemap.xml and references files
app.get('/sitemap*.xml', sitemap);
// robots.txt
app.get('/robots.txt', robots);
// Proxy all requests starting with /proxy
app.use('/proxy', httpProxy);
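Review bot: The `frame-src 'none'` directive in the new `res.header('Content-Security-Policy', …)` line restricts what this page may embed, not who may embed it; the CSP counterpart to the `X-Frame-Options: DENY` set on the line above is `frame-ancestors 'none'`, so if the intent is anti-framing the value should read `'frame-ancestors \'none\'; frame-src \'none\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\';'`. With no `default-src`, every resource type the policy does not name (images, fonts, fetch/XHR, objects) remains unrestricted, and `'unsafe-inline'` in `script-src` still allows any injected inline script to execute, so the policy currently mitigates framing but little else; a `default-src 'self'` baseline is worth considering, though a `connect-src` entry for `config.apiUrl` would presumably be needed since `/api` requests are redirected there. The middleware is registered after the `/api` redirect handler and the `/en/*` redirect, so those 301/307 responses are sent without these headers — acceptable for redirects, but worth stating with a comment such as `// Registered after the /en/* and /api redirects: those responses carry no CSP.`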