Closed abovedave closed 6 years ago
Closing in favour of project specific middleware - seems just as simple for the user and keeps fuss out the core.
E.g.,
const Middleware = function (app) {
app.use((req, res, next) => {
res.setHeader('Strict-Transport-Security', 7776000000)
res.setHeader('X-Frame-Options', 'SAMEORIGIN')
res.setHeader('X-XSS-Protection', 0)
res.setHeader('X-Content-Type-Options', 'nosniff')
next()
})
}
module.exports = function (app) {
return new Middleware(app)
}
module.exports.Middleware = Middleware
In the global config:
At page level:
Or disable all custom: