// Persist sessions with MongoStore / sequelizeStore
// We need to enable sessions for passport-twitter because it's an
// oauth 1.0 strategy, and Lusca depends on sessions
// NOTE(review): despite the comment above, this call passes no `store`, so
// express-session falls back to its in-process MemoryStore (sessions are lost
// on restart and not shared between workers) — confirm a store is wired up
// elsewhere if persistence is really intended.
app.use(session({
// Secret used to sign the session cookie; its value/length is in config.
secret: config.secrets.session,
// Every new visitor gets a stored session, not only authenticated ones; the
// OAuth 1.0 flow mentioned above needs the session to exist before the
// provider redirects back.
saveUninitialized: true,
// Only write the session back to the store when it was modified.
resave: false
// No `cookie` block: `httpOnly` is on by express-session's default, but
// `secure`, `sameSite` and `maxAge` are not set — set them explicitly for
// deployments served over TLS.
}));
/**
* Lusca - express server security
* https://github.com/krakenjs/lusca
*
* Applied in every environment except test and development, so the CSRF check
* and the response headers below are absent locally; a route that forgets to
* send the token back only fails once deployed.
*/
if (env !== "test" && env !== "development") {
app.use(lusca({
// CSRF in Angular mode: lusca issues the token in an XSRF-TOKEN cookie and
// expects it back in the X-XSRF-TOKEN header. The secret is kept in
// req.session, which is why the session middleware must run before this.
csrf: {
angular: true
},
// X-Frame-Options: only same-origin pages may frame the app (clickjacking).
xframe: "SAMEORIGIN",
// Strict-Transport-Security. Browsers only honor it on HTTPS responses.
// `preload: true` together with `includeSubDomains` advertises the domain for
// the browser preload lists — a long-lived commitment that every subdomain is
// reachable over TLS; getting removed from those lists is slow.
hsts: {
maxAge: 31536000, // 1 year, in seconds
includeSubDomains: true,
preload: true
},
// X-XSS-Protection: 1; mode=block. Legacy header — current browsers have
// dropped the auditor, so keep it but do not rely on it.
xssProtection: true
}));
}
if (env === "production") {
// Inside the production branch above: serve the favicon first, then everything
// under appPath (registered elsewhere with app.set('appPath', …)). Anything in
// that directory is publicly readable, so keep server-side files out of it.
app.use(favicon(path.join(config.root, "client", "favicon.ico")));
app.use(express.static(app.get("appPath")));
// No need to persist sessions
// We need to enable sessions for passport-twitter because it's an
// oauth 1.0 strategy, and Lusca depends on sessions
// With no `store`, express-session uses its in-process MemoryStore: sessions
// do not survive a restart and are not shared across workers, which is fine
// only while a single process serves all requests.
app.use(session({
// Secret used to sign the session cookie; value comes from config.
secret: config.secrets.session,
// Every new visitor gets a stored session (needed for the OAuth 1.0 flow).
saveUninitialized: true,
// Only write the session back when it was modified.
resave: false
// No `cookie` block: `secure`, `sameSite` and `maxAge` take express-session's
// defaults (`secure` is off) — set them explicitly when served over TLS.
}));
/**
* Lusca - express server security
* https://github.com/krakenjs/lusca
*
* NOTE(review): besides the test env, this guard also skips the middleware
* whenever SAUCE_USERNAME is present in the environment — in any env,
* production included. CSRF, X-Frame-Options, HSTS and X-XSS-Protection then
* silently disappear. Keying the bypass on the env name (e.g. `env === 'test'`)
* rather than on a CI credential variable would make that impossible.
*/
if (env !== 'test' && !process.env.SAUCE_USERNAME) {
app.use(lusca({
// CSRF in Angular mode: token in an XSRF-TOKEN cookie, echoed back in the
// X-XSRF-TOKEN header; the secret lives in req.session.
csrf: {
angular: true
},
// X-Frame-Options: only same-origin pages may frame the app.
xframe: 'SAMEORIGIN',
// Strict-Transport-Security, only effective on HTTPS responses; preload +
// includeSubDomains commits every subdomain to TLS for the long term.
hsts: {
maxAge: 31536000, //1 year, in seconds
includeSubDomains: true,
preload: true
},
// Legacy X-XSS-Protection header; harmless, no longer enforced by browsers.
xssProtection: true
}));
}
if (env === 'development') {
// Development-only tooling, required lazily inside this branch (presumably so
// these devDependencies need not be installed in production).
const webpackDevMiddleware = require('webpack-dev-middleware');
const stripAnsi = require('strip-ansi');
// Development sessions are persisted in MongoDB through the store below, so
// they survive restarts of the dev server.
app.use(session({
secret: config.secrets.session,
// A session is stored for every new visitor, not only after login.
saveUninitialized: true,
resave: false,
// Reuses the application's mongoose connection. NOTE(review): whether `db`
// is honored when `mongooseConnection` is supplied depends on the store
// version — verify which database the session collection ends up in.
store: new mongoStore({
mongooseConnection: mongoose.connection,
db: 'richNeighbors'
})
}));
/**
* Lusca - express server security
* https://github.com/krakenjs/lusca
*
* NOTE(review): this configuration turns CSRF off (`csrf: false`) and sets a
* content security policy of "*". Anti-CSRF checks therefore never run while
* this block is active, and a CSP header whose value is only "*" names no
* directive, so browsers enforce nothing — confirm how lusca serializes a
* string policy before relying on it.
*/
if ('test' !== env) {
app.use(lusca({
// CSRF disabled. The Angular-mode form kept below is what other environments
// use; presumably disabled here so local clients without the XSRF-TOKEN
// round-trip keep working. Re-enable before this config reaches production.
csrf: false,
// csrf: {
// angular: true
// },
// Sent as Content-Security-Policy. "*" is not a directive list; a policy is
// written as directives such as `default-src 'self'`.
csp: { policy: "*"},
// X-Frame-Options: only same-origin pages may frame the app.
xframe: 'SAMEORIGIN',
// Strict-Transport-Security, only effective on HTTPS responses; preload +
// includeSubDomains commits every subdomain to TLS for the long term.
hsts: {
maxAge: 31536000, //1 year, in seconds
includeSubDomains: true,
preload: true
},
xssProtection: true // already enabled; the earlier "change to true" TODO is satisfied
}));
}
// Records the client directory; the static-file middleware reads it back with
// app.get('appPath'), so everything under it becomes publicly readable.
app.set('appPath', path.join(config.root, 'client'));
secret: config.sessionSecret,
cookie: {
maxAge: config.sessionCookie.maxAge,
httpOnly: config.sessionCookie.httpOnly,
secure: config.sessionCookie.secure && config.secure.ssl
},
name: config.sessionKey,
store: new MongoStore({
mongooseConnection: db.connection,
collection: config.sessionCollection
})
})
);
// Lusca CSRF Middleware
// NOTE(review): the whole lusca options object comes from config.csrf, so that
// object decides not only CSRF but every lusca header (xframe, hsts, csp, …);
// check those are configured there or elsewhere. Must stay after the session
// middleware above — lusca's CSRF keeps its secret in req.session.
app.use(lusca(config.csrf));
};
// Session middleware with sessions persisted in MongoDB (shared across
// processes and restarts) rather than express-session's in-memory default.
app.use(session({
// Secret used to sign the session cookie; value comes from config.
secret: config.secrets.session,
// A session is stored for every new visitor, not only after login.
saveUninitialized: true,
// Only write the session back when it was modified.
resave: false,
// Reuses the application's mongoose connection. NOTE(review): whether `db`
// is honored alongside `mongooseConnection` depends on the store version.
store: new mongoStore({
mongooseConnection: mongoose.connection,
db: 'mud-server'
})
// No `cookie` block: `secure`/`sameSite`/`maxAge` take express-session's
// defaults (`secure` is off) — set them explicitly when served over TLS.
}));
/**
* Lusca - express server security
* https://github.com/krakenjs/lusca
*
* Active in every environment except test. Must come after the session
* middleware above: lusca's CSRF keeps its secret in req.session.
*/
if ('test' !== env) {
app.use(lusca({
// CSRF in Angular mode: token in an XSRF-TOKEN cookie, echoed back in the
// X-XSRF-TOKEN header.
csrf: {
angular: true
},
// X-Frame-Options: only same-origin pages may frame the app (clickjacking).
xframe: 'SAMEORIGIN',
// Strict-Transport-Security, only effective on HTTPS responses; preload +
// includeSubDomains commits every subdomain to TLS for the long term.
hsts: {
maxAge: 31536000, //1 year, in seconds
includeSubDomains: true,
preload: true
},
// Legacy X-XSS-Protection header; harmless, no longer enforced by browsers.
xssProtection: true
}));
}
// Records the client directory for the static-file middleware (read back with
// app.get('appPath')); everything under it becomes publicly readable.
app.set('appPath', path.join(config.root, 'client'));
if ('production' === env) {
// Session middleware with sessions persisted in MongoDB (shared across
// processes and restarts) rather than express-session's in-memory default.
app.use(session({
// Secret used to sign the session cookie; value comes from config.
secret: config.secrets.session,
// A session is stored for every new visitor, not only after login.
saveUninitialized: true,
// Only write the session back when it was modified.
resave: false,
// Reuses the application's mongoose connection. NOTE(review): whether `db`
// is honored alongside `mongooseConnection` depends on the store version.
store: new mongoStore({
mongooseConnection: mongoose.connection,
db: 'paizaqa'
})
// No `cookie` block: `secure`/`sameSite`/`maxAge` take express-session's
// defaults (`secure` is off) — set them explicitly when served over TLS.
}));
/**
* Lusca - express server security
* https://github.com/krakenjs/lusca
*
* Active in every environment except test. Must come after the session
* middleware above: lusca's CSRF keeps its secret in req.session.
*/
if ('test' !== env) {
app.use(lusca({
// CSRF in Angular mode: token in an XSRF-TOKEN cookie, echoed back in the
// X-XSRF-TOKEN header.
csrf: {
angular: true
},
// X-Frame-Options: only same-origin pages may frame the app (clickjacking).
xframe: 'SAMEORIGIN',
// Strict-Transport-Security, only effective on HTTPS responses; preload +
// includeSubDomains commits every subdomain to TLS for the long term.
hsts: {
maxAge: 31536000, //1 year, in seconds
includeSubDomains: true,
preload: true
},
// Legacy X-XSS-Protection header; harmless, no longer enforced by browsers.
xssProtection: true
}));
}
// Records the client directory for the static-file middleware (read back with
// app.get('appPath')); everything under it becomes publicly readable.
app.set('appPath', path.join(config.root, 'client'));
if ('production' === env) {
// Session middleware with sessions persisted in MongoDB (shared across
// processes and restarts) rather than express-session's in-memory default.
app.use(session({
// Secret used to sign the session cookie; value comes from config.
secret: config.secrets.session,
// A session is stored for every new visitor, not only after login.
saveUninitialized: true,
// Only write the session back when it was modified.
resave: false,
// Reuses the application's mongoose connection. NOTE(review): whether `db`
// is honored alongside `mongooseConnection` depends on the store version.
store: new mongoStore({
mongooseConnection: mongoose.connection,
db: 'observatory3'
})
// No `cookie` block: `secure`/`sameSite`/`maxAge` take express-session's
// defaults (`secure` is off) — set them explicitly when served over TLS.
}));
/**
* Lusca - express server security
* https://github.com/krakenjs/lusca
*
* Active in every environment except test. Must come after the session
* middleware above: lusca's CSRF keeps its secret in req.session.
*/
if ('test' !== env) {
app.use(lusca({
// CSRF in Angular mode: token in an XSRF-TOKEN cookie, echoed back in the
// X-XSRF-TOKEN header.
csrf: {
angular: true
},
// X-Frame-Options: only same-origin pages may frame the app (clickjacking).
xframe: 'SAMEORIGIN',
// Strict-Transport-Security, only effective on HTTPS responses; preload +
// includeSubDomains commits every subdomain to TLS for the long term.
hsts: {
maxAge: 31536000, //1 year, in seconds
includeSubDomains: true,
preload: true
},
// Legacy X-XSS-Protection header; harmless, no longer enforced by browsers.
xssProtection: true
}));
}
// Records the client directory for the static-file middleware (read back with
// app.get('appPath')); everything under it becomes publicly readable.
app.set('appPath', path.join(config.root, 'client'));
if ('production' === env) {
// Session middleware with sessions persisted in MongoDB (shared across
// processes and restarts) rather than express-session's in-memory default.
app.use(session({
// Secret used to sign the session cookie; value comes from config.
secret: config.secrets.session,
// A session is stored for every new visitor, not only after login.
saveUninitialized: true,
// Only write the session back when it was modified.
resave: false,
// Reuses the application's mongoose connection. NOTE(review): whether `db`
// is honored alongside `mongooseConnection` depends on the store version.
store: new mongoStore({
mongooseConnection: mongoose.connection,
db: 'ed-galaxy2'
})
// No `cookie` block: `secure`/`sameSite`/`maxAge` take express-session's
// defaults (`secure` is off) — set them explicitly when served over TLS.
}));
/**
* Lusca - express server security
* https://github.com/krakenjs/lusca
*
* Active in every environment except test. Must come after the session
* middleware above: lusca's CSRF keeps its secret in req.session.
*/
if ('test' !== env) {
app.use(lusca({
// CSRF in Angular mode: token in an XSRF-TOKEN cookie, echoed back in the
// X-XSRF-TOKEN header.
csrf: {
angular: true
},
// X-Frame-Options: only same-origin pages may frame the app (clickjacking).
xframe: 'SAMEORIGIN',
// Strict-Transport-Security, only effective on HTTPS responses; preload +
// includeSubDomains commits every subdomain to TLS for the long term.
hsts: {
maxAge: 31536000, //1 year, in seconds
includeSubDomains: true,
preload: true
},
// Legacy X-XSS-Protection header; harmless, no longer enforced by browsers.
xssProtection: true
}));
}
// Records the client directory for the static-file middleware (read back with
// app.get('appPath')); everything under it becomes publicly readable.
app.set('appPath', path.join(config.root, 'client'));
if ('production' === env) {