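// Security headers are registered before the catch-all handler. That handler
// never yields `next`, so middleware registered after it is not reached and
// the headers below would not be set on the responses it produces.
// NOTE(review): with this order the CSP is enforced on the index page; confirm
// that everything the page loads or connects to is allowed by the policy.
app.use(helmet.csp({
  // NOTE(review): a bare host source matches that exact host only, not its
  // subdomains, and herokuapp.com is a shared hosting domain. Confirm which
  // origin is intended and pin it.
  defaultSrc: ['\'self\'', 'herokuapp.com'],
  // NOTE(review): 'unsafe-inline' allows injected inline script to run, which
  // removes most of the XSS protection CSP gives. Prefer nonces or hashes.
  scriptSrc: ['\'self\'', '\'unsafe-inline\''],
  styleSrc: ['\'self\'', '\'unsafe-inline\''],
  fontSrc: ['\'self\''],
  imgSrc: ['\'self\'', 'data:']
}))
// X-XSS-Protection header.
app.use(helmet.xssFilter())
// X-Content-Type-Options: nosniff, so browsers do not guess content types.
app.use(helmet.nosniff())
// Strict-Transport-Security.
// NOTE(review): helmet changed the maxAge unit from milliseconds to seconds
// between major versions; confirm the constant matches the installed version.
app.use(helmet.hsts({
  maxAge: NINETY_DAYS_IN_MS
}))

// Catch-all: send the index file to clients that accept HTML. Other requests
// get no body from this handler, and `next` is deliberately not yielded.
app.use(function * (next) {
  if (this.accepts('html', 'text/*', 'text/html')) {
    yield* sendfile.call(this, indexFile)
  }
})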
// kick off server
if (!module.parent) {
let server = http.createServer(app.callback())
mqttBroker.attachHttpServer(server)
server.listen(config.port, function (err) {
if (err) {
return logger.error(err)
}
logger.info('app is listening on ' + config.port)
})