UNPKG

@dwp/govuk-casa

Version:

Framework for creating basic GOVUK Collect-And-Submit-Applications

github.com/dwp/govuk-casa

dwp/govuk-casa

41 lines (33 loc) 1.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
/** * Apply HTTP headers to all requests. */ const isStaticAsset = /.*\.(js|jpe?g|css|png|svg|woff2?|eot|ttf|otf)/; const isIE8 = /MSIE\s*8/i; const oneDay = 86400000; module.exports = (logger, defaultHeaders = {}, disabledHeaders = []) => (req, res, next) => { logger.trace('apply headers to %s %s', req.method.toUpperCase(), req.url); const headers = Object.assign(Object.create(null), defaultHeaders); // X-XSS-Protection introduces a security bug into IE8, so disable it if IE8 if (isIE8.test(req.headers['user-agent'])) { logger.trace('disabling xss protection for IE8'); headers['X-XSS-Protection'] = '0'; } // Caching policy // Cache static assets more agressively if (isStaticAsset.test(req.url)) { headers['Cache-Control'] = 'public'; headers.Pragma = 'cache'; headers.Expires = new Date(Date.now() + oneDay).toUTCString(); } else { headers['Cache-Control'] = 'no-cache, no-store, must-revalidate, private'; headers.Pragma = 'no-cache'; headers.Expires = 0; } // Write headers Object.keys(headers).forEach((k) => { if (disabledHeaders.indexOf(k) === -1) { res.setHeader(k, headers[k]); } }); next(); };