totaljs / framework

Node.js framework
http://www.totaljs.com
Other
4.36k stars 450 forks source link

Future of Totaljs #592

Closed ghost closed 6 years ago

ghost commented 6 years ago

Peter,

Can you share your vision about the future of Totaljs and your challenges for 2018 ? What are the next enhancements for the version 3.0 ?

Thank you for your work :)

petersirka commented 6 years ago

Thank you! Year 2018 will be mainly about Total.js products.

Total.js framework:

Total.js products:

jComponent:

Other:

So we will see. I want to continue, I love it. My work is my hobby.

ghost commented 6 years ago

Check this link for the hosting : https://zeit.co/ Big Big program... Good luck

ghost commented 6 years ago

Do you integrate some security enhancements for 2018?

webdesus commented 6 years ago

Work on security is ongoing always. What kind of integration do you talking?

petersirka commented 6 years ago

My question is same.

ghost commented 6 years ago

I talk about the Helmet module : https://helmetjs.github.io/ Do we have the same security process with Total.js ?

webdesus commented 6 years ago

Hard question but i think it's redundancy... better using set header as string. Helmetjs has good docs about problems which might happen. But using their library I would not.

But if you have another oppinion. You can write something like this:

const nocache = require('nocache')();
const frameguard= require('frameguard')();

F.on('request', function(req, res) { 
    nocache(req, res,()=>{
        frameguard(req, res, ()=>{});
    }); 
});

Not tested, but should work.

ghost commented 6 years ago

Thank you very much

webdesus commented 6 years ago

Some modules helmet so big, and execute very more logic. I would advise to examine helmetjs site and write once own definition file with your headers as strings. Then if you create new project you can copy this file. You should get somethink like this:

F.on('request', function(req, res) { 
    res.setHeader('Surrogate-Control', 'no-store')
    res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate')
    res.setHeader('Pragma', 'no-cache')
    res.setHeader('Expires', '0')
});