提升安全性
eshengsky committed Jul 19, 2018
1 parent de4a62b commit cf91d1f
Showing 3 changed files with 125 additions and 8 deletions.
116 changes: 112 additions & 4 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
Expand Up @@ -26,6 +26,7 @@
"escape-html": "^1.0.3",
"express": "^4.16.3",
"express-session": "^1.15.6",
"helmet": "^3.12.1",
"http-proxy": "^1.17.0",
"ioredis": "^3.2.2",
"jquery": "1.9.1 - 3",
16 changes: 12 additions & 4 deletions server.js
Expand Up @@ -15,7 +15,7 @@ const version = require('./package.json').version;
const configPath = require('./getConfigPath')();
const config = require(configPath);
const cookieParser = require('cookie-parser');
app.use(cookieParser());
const helmet = require('helmet');
const log4js = require('./lib/log4js');
log4js.configure(config.log4js);
const logger = log4js.getLogger('noginx');
Expand Down Expand Up @@ -145,12 +145,20 @@ function routeFilter(req) {
}

/**
* 避免点击劫持 (clickjacking)
* Cookie Parser
*/
app.use(cookieParser());

/**
* 安全性
*/
app.use(helmet());

/**
* 添加Server头
*/
app.use((req, res, next) => {
res.header('server', `noginx v${version}`);
res.header('x-frame-options', 'SAMEORIGIN');
res.header('Server', `noginx v${version}`);
next();
});

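Review bot: The last middleware in the second hunk still sends the exact release in `Server: noginx v${version}`, which gives anyone fingerprinting the proxy the version to match against known issues; the `helmet()` call mounted just above it removes `X-Powered-By` for that same reason. I would send a fixed product token instead, `res.header('Server', 'noginx');`, or put the version suffix behind a config flag that defaults to off. The explicit `x-frame-options: SAMEORIGIN` line is gone, so clickjacking protection now rests on helmet's defaults, and the `安全性` comment should say that, e.g. `// helmet() defaults: X-Frame-Options SAMEORIGIN (frameguard), X-Content-Type-Options nosniff, HSTS`. helmet is also mounted only at this point, after `routeFilter`, so any handler registered earlier in server.js that ends a response would skip these headers; that part of the file is outside the hunk and worth confirming.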
