How to use the helmet.noCache function in helmet

To help you get started, we’ve selected a few helmet examples, based on popular ways it is used in public projects.


github embark-framework / embark / lib / modules / webserver / server.js
const coverageStyle = serveStatic(fs.dappPath('coverage/'));
    const main = serveStatic(this.buildDir, {'index': ['index.html', 'index.htm']});

    this.app = express();
    const expressWs = expressWebSocket(this.app);
    // Assign Logging Function
    this.app.use(function(req, res, next) {
      if (self.logging) {
        if (!req.headers.upgrade) {
          console.log('Webserver> ' + req.method + " " + req.originalUrl);
        }
      }
      next();
    });

    this.app.use(helmet.noCache());
    this.app.use(cors());
    this.app.use(main);
    this.app.use('/coverage', coverage);
    this.app.use(coverageStyle);

    this.app.use(express.static(path.join(fs.dappPath(this.dist)), {'index': ['index.html', 'index.htm']}));
    this.app.use('/embark', express.static(path.join(__dirname, '../../../embark-ui/build')));

    this.app.use(bodyParser.json()); // support json encoded bodies
    this.app.use(bodyParser.urlencoded({extended: true})); // support encoded bodies

    this.app.ws('/logs', function(ws, _req) {
      self.events.on("log", function(logLevel, logMsg) {
        ws.send(JSON.stringify({msg: logMsg, msg_clear: logMsg.stripColors, logLevel: logLevel}), () => {});
      });
    });
github venusdev85 / Vue-Express-Mongo / server / core / express.js
/**
 * Wire up the Pug view engine on `app` and pick a view-caching policy for
 * the current environment: development turns caching off (compiled views
 * and, via helmet.noCache(), the HTTP responses themselves), anything else
 * keeps compiled views in memory.
 *
 * NOTE(review): helmet.noCache() was dropped from later helmet majors in
 * favour of the standalone `nocache` package — confirm against the pinned
 * helmet version.
 *
 * @param {object} app - Express application to configure
 */
function initViewEngine(app) {
	app.set("views", path.join(serverFolder, "views"));
	app.set("view engine", "pug");

	const devMode = config.isDevMode();

	if (!devMode) {
		// Production: cache compiled templates in memory
		app.locals.cache = "memory";
		app.set("view cache", true);
		return;
	}

	// Development: expose stack traces and never cache, so edits show up immediately
	app.set("showStackError", true);
	app.set("view cache", false);
	app.use(helmet.noCache());

	// Pug option: emit readable, unminified HTML while debugging
	app.locals.pretty = true;
}
github tkssharma / e-CommerseHub / e-Commerce-Cart / express.ts
private middleware(): void {
    this.express.use(passport.initialize());
    // required for passport to initlize it
    this.express.use(expressSession({ secret: 'bla bla' }));
    this.express.use(passport.session());
    // initlize session
    this.express.use(logger('dev'));
    this.express.disable('x-powered-by');
    this.express.disable('etag');
    this.express.use(helmet());
    this.express.use(boom());
    this.express.use(helmet.noCache({ noEtag: true })); // set Cache-Control header
    this.express.use(helmet.noSniff()); // set X-Content-Type-Options header
    this.express.use(helmet.frameguard()); // set X-Frame-Options header
    this.express.use(helmet.xssFilter()); // set X-XSS-Protection header
    // logger logs on console
    this.express.use(bodyParser.urlencoded({ extended: false, limit: '5mb' })); // parse application/x-www-form-urlencoded
    this.express.use(bodyParser.json()); // parse application/json
    // enable CORS
    this.express.use((req, res, next) => {
      res.header('Access-Control-Allow-Origin', '*');
      res.header('Access-Control-Allow-Methods', 'GET, POST, DELETE, PUT, PATCH, OPTIONS');
      res.header('Access-Control-Allow-Headers', 'Content-Type, api_key, Authorization, Referer');
      next();
    });
    // register all custom Middleware
    this.express.use(cors({ optionsSuccessStatus: 200 }));
    this.express.use(cookieParser()); // cookies-parser
github w3tecch / express-graphql-typescript-boilerplate / src / App.ts
public main(): void {

        // Helmet helps you secure your Express apps by setting various HTTP headers
        this.express.use(helmet());
        this.express.use(helmet.noCache());
        this.express.use(helmet.hsts({
            maxAge: 31536000,
            includeSubdomains: true
        }));

        // Enable cors for all routes and origins
        this.express.use(cors());

        // Adds winston logger to the express framework
        this.express.use(morgan('dev', debugStream));
        this.express.use(morgan('combined', winstonStream));

        // Our custom oauth middleware
        this.express.use(oauth({}));

        // Requests to /graphql redirect to /
github partio-scout / reki / src / server / server.js
{ model: models.UserRole, as: 'roles' },
        ],
      });

      if (!user) {
        throw new Error('User not found');
      }

      done(null, models.User.toClientFormat(user, sessionType));
    } catch (e) {
      done(e);
    }
  });

  app.use(helmet());
  app.use(helmet.noCache()); // noCache disabled by default

  if (appConfig.standalone) {
    app.use(morgan('dev'));
  }

  const validConnectSrc = appConfig.isDev ? ['*'] : ["'self'"];

  app.use(helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
      connectSrc: validConnectSrc,
      styleSrc: ["'self'", "'unsafe-inline'"],
      imgSrc: ["'self'"],
    },
  }));
github untool / untool / packages / express / mixins / mixin.core.js
const mime = require('mime');
      const { distDir } = this.config;
      middlewares.initial.push(helmet());
      middlewares.files.push(
        express.static(distDir, {
          maxAge: '1y',
          setHeaders: (res, filePath) => {
            const { noCache } = res.locals || {};
            if (noCache || mime.getType(filePath) === 'text/html') {
              helmet.noCache()(null, res, () => {});
            }
          },
          redirect: false,
        })
      );
      middlewares.postfiles.push(helmet.noCache());
      if (typeof this.getLogger === 'function') {
        const loggerMiddleware = require('../lib/log');
        app.use(loggerMiddleware(this.getLogger()));
      }
    }
  }
  inspectServer(server) {
github mikesparr / typescript-postgres-auth-example / src / app.ts
/**
 * Registers helmet's individual response-header middlewares on the app.
 * Each one writes a different header, so their relative order does not
 * matter; they only need to be registered before the routes.
 */
private initializeSecurity() {
    const headerMiddlewares = [
      helmet.noCache(),        // Cache-Control / Pragma / Expires: do not cache
      helmet.frameguard(),     // X-Frame-Options
      helmet.hidePoweredBy(),  // strips X-Powered-By
      helmet.hsts(),           // Strict-Transport-Security
      helmet.ieNoOpen(),       // X-Download-Options
      helmet.noSniff(),        // X-Content-Type-Options
      helmet.xssFilter(),      // X-XSS-Protection
    ];

    for (const middleware of headerMiddlewares) {
      this.app.use(middleware);
    }
  }
github wireapp / wire-webapp / server / Server.ts
/**
 * Installs the response-caching policy.
 *
 * Development: every response is marked uncacheable via helmet.noCache().
 * Otherwise every response passing through this app gets a public
 * Cache-Control max-age and a matching Expires date, both derived from
 * config.SERVER.CACHE_DURATION_SECONDS (read per request).
 *
 * NOTE(review): `public` applies to whatever this app serves, not only
 * static assets — confirm nothing per-user or authenticated is routed
 * through it, or shared caches may store such responses.
 */
private initCaching() {
    if (this.config.SERVER.DEVELOPMENT) {
      this.app.use(helmet.noCache());
      return;
    }

    const MS_PER_SECOND = 1000;
    this.app.use((req, res, next) => {
      const maxAgeSeconds = this.config.SERVER.CACHE_DURATION_SECONDS;
      const expiresAt = new Date(Date.now() + maxAgeSeconds * MS_PER_SECOND);
      res.header('Cache-Control', `public, max-age=${maxAgeSeconds}`);
      res.header('Expires', expiresAt.toUTCString());
      next();
    });
  }
github OpusCapita / fsm-workflow / history / src / demo / server.js
// Database handle for the workflow-history store. dbConfig supplies the
// connection settings and credentials — presumably loaded from the
// environment rather than committed; confirm.
const sequelize = new Sequelize(
  dbConfig.database,
  dbConfig.username,
  dbConfig.password,
  dbConfig
);

// Hand-rolled CORS: every origin is answered with a wildcard, so any website
// can read these responses. Acceptable for a demo; not for anything that
// serves authenticated or non-public data.
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Methods', 'GET,POST,HEAD,OPTIONS,PUT,PATCH,DELETE');
  res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
  res.header('Access-Control-Allow-Origin', '*');
  next();
});

// Mark every response uncacheable (Cache-Control no-store, Pragma, Expires)
// before any route is registered, so history records are not retained by
// browsers or intermediaries.
app.use(helmet.noCache());
// JSON request bodies for the /history POST registered below.
app.use(bodyParser.json());

workflowTransitionHistory(sequelize).
  then(({ add, search }) => {
    app.post('/history', (req, res) => add(req.body).
      then(entry => res.json(entry))
    );

    app.get('/history', (req, res) => {
      const {
        businessObjType,
        businessObjId,
        user,
        finishedOnGt,
        finishedOnGte,
        finishedOnLt,