UNPKG

tezx

Version:

TezX is a high-performance, lightweight JavaScript framework designed for speed, scalability, and flexibility. It enables efficient routing, middleware management, and static file serving with minimal configuration. Fully compatible with Node.js, Deno, an

github.com/tezxjs/TezX/issues

tezxjs/TezX

39 lines (38 loc) 1.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
export const secureHeaders = (options = {}) => { return async function secureHeaders(ctx, next) { const resolveValue = (value) => { return typeof value === "function" ? value(ctx) : value; }; const contentSecurityPolicy = resolveValue(options.contentSecurityPolicy) || "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"; const frameGuard = resolveValue(options.frameGuard) ?? true; const hsts = resolveValue(options.hsts) ?? true; const xssProtection = resolveValue(options.xssProtection) ?? true; const noSniff = resolveValue(options.noSniff) ?? true; const referrerPolicy = resolveValue(options.referrerPolicy) || "no-referrer"; const permissionsPolicy = resolveValue(options.permissionsPolicy) || "geolocation=(), microphone=(), camera=()"; if (contentSecurityPolicy) { ctx.headers.set("Content-Security-Policy", contentSecurityPolicy); } if (frameGuard) { ctx.headers.set("X-Frame-Options", "DENY"); } if (hsts) { ctx.headers.set("Strict-Transport-Security", "max-age=63072000; includeSubDomains"); } if (xssProtection) { ctx.headers.set("X-XSS-Protection", "1; mode=block"); } if (noSniff) { ctx.headers.set("X-Content-Type-Options", "nosniff"); } if (referrerPolicy) { ctx.headers.set("Referrer-Policy", referrerPolicy); } if (permissionsPolicy) { ctx.headers.set("Permissions-Policy", permissionsPolicy); } return await next(); }; };