krakenjs / lusca

Application security for express apps.

Adding nosniff Header #77

Closed linkRace closed 8 years ago

jasisk commented 8 years ago

```js
module.exports = function nosniff() {
    return function nosniff(req, res, next) {
        // The header value is the single token "nosniff" (no space).
        res.header('X-Content-Type-Options', 'nosniff');
        next();
    };
};
```

lusca itself won't include nosniff unless you give it a truth value:

```js
lusca({ nosniff: true }) // will have nosniff
lusca({ nosniff: false }) // will NOT have nosniff
lusca({}) // will NOT have nosniff
```

linkRace commented 8 years ago

xssProtection?

jasisk commented 8 years ago

> xssProtection?

edited. C/P from your code.

linkRace commented 8 years ago

Cool, updated file.

jasisk commented 8 years ago

Throw some documentation in the README and I'm a :+1:.

linkRace commented 8 years ago

Cool, combine this with the csp update to make a 1.3.1 release I'd think.

grawk commented 8 years ago

Looks like the CI job is failing on the jshint check. Also, it'd be a good idea to update the .travis.yml config to just test on node 4 and maybe node 0.12

grawk commented 8 years ago

un-plus-one'ing until other comments addressed

jasisk commented 8 years ago

This needs tests, no?
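
A check of the kind asked for here, covering the middleware and the three configurations posted earlier in the thread. It is an added example, not part of the original comments and not lusca's own code or test suite. `secure`, `mockRes`, `run` and `auditNosniff` are hypothetical names, and the mock response stands in for Express so the check runs offline.

```javascript
'use strict';

// Middleware in the shape posted earlier in the thread.
function nosniff() {
    return function nosniff(req, res, next) {
        res.header('X-Content-Type-Options', 'nosniff');
        next();
    };
}

// Hypothetical stand-in for the opt-in gating described in the thread:
// the header is set only when options.nosniff is truthy. Not lusca's code.
function secure(options) {
    const enabled = Boolean(options && options.nosniff);
    const mw = nosniff();
    return function (req, res, next) {
        if (!enabled) { return next(); }
        mw(req, res, next);
    };
}

// Minimal mock of the one response method the middleware uses.
function mockRes() {
    const headers = {};
    return { headers, header(name, value) { headers[name.toLowerCase()] = String(value); } };
}

// Run a middleware against mock objects and return the headers it set.
function run(mw) {
    const res = mockRes();
    let called = false;
    mw({}, res, () => { called = true; });
    if (!called) { throw new Error('middleware did not call next()'); }
    return res.headers;
}

// Audit check: the only defined value is the token "nosniff".
function auditNosniff(headers) {
    const value = headers['x-content-type-options'];
    if (value === undefined) { return 'missing'; }
    return value.trim().toLowerCase() === 'nosniff' ? 'ok' : 'invalid';
}

// Constructed cases: the three configurations from the thread.
const results = [{ nosniff: true }, { nosniff: false }, {}]
    .map((opts) => auditNosniff(run(secure(opts))));
console.log(results);
```

`auditNosniff` reports a value such as `no sniff` as `invalid`, which is the failure a test on the header value would catch.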

tlivings commented 8 years ago

Got merged without 2 :+1: ?