url: process.env.MONGODB_URI || process.env.MONGOLAB_URI,
autoReconnect: true,
clear_interval: 3600
})
}));
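app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
// Build the CSRF middleware once. The original called lusca.csrf() inside the
// request handler, constructing a brand-new middleware on every request; the
// instance holds no per-request state (token data lives on req/req.session),
// so a single shared instance behaves the same and avoids the repeated setup.
const csrfProtection = lusca.csrf();
app.use((req, res, next) => {
  // /api/upload is exempt from the CSRF check. The match is exact (req.path
  // has no query string, and '/api/upload/' would not match), so any
  // session-authenticated handler behind that path relies on its own request
  // validation; keep the exemption as narrow as it is here.
  if (req.path === '/api/upload') {
    next();
  } else {
    csrfProtection(req, res, next);
  }
});
// Clickjacking (X-Frame-Options) and legacy XSS-filter response headers.
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));
app.use((req, res, next) => {
  // Expose the passport-populated user to view templates.
  res.locals.user = req.user;
  next();
});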
app.use((req, res, next) => {
// After successful login, redirect back to the intended page
if (!req.user &&
req.path !== '/login' &&
req.path !== '/signup' &&
!req.path.match(/^\/auth/) &&
!req.path.match(/\./)) {
req.session.returnTo = req.path;
} else if (req.user &&
req.path === '/account') {
req.session.returnTo = req.path;
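//Route handlers
const authApi = require('./controllers/auth.api');
//Create server
const app = express();
//Express configuration
// Env vars are strings, so `||` (not `??`) is intended here: an empty PORT
// should still fall through to the next candidate.
app.set('port', process.env.PORT || process.env.OPENSHIFT_NODEJS_PORT || 1139);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
app.use(compression());
app.use(morgan('dev'));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
// NOTE(review): cors() with no options reflects any origin; confirm that is
// intended for every route mounted on this app.
app.use(cors());
// Clickjacking (X-Frame-Options) and legacy XSS-filter response headers.
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));
app.use(
  express.static(path.join(__dirname, '../app', 'build'), {
    maxAge: 31557600000 // one year, in milliseconds
  })
);
//Error handler
// NOTE(review): error-handling middleware only sees errors raised by
// middleware/routes mounted before it; authApi is required above but not
// mounted in this span, so if routes are added later this should move after
// them. Also confirm the handler does not render stack traces in production.
app.use(errorHandler());
//DB setup
mongoUtil.connectToServer(err => {
  // Report to stderr rather than stdout (the original used console.log) so a
  // failed DB connection is not buried in request logging. Startup still
  // continues on error, matching the original best-effort behaviour.
  if (err) return console.error(err);
});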
//GraphQL setup
// Middleware that runs on every request: each entry is registered with
// always() and then passed to blacklist(), the same pairing for both.
for (const fn of [fnCookie, middleware.bypass]) {
  obj.always(fn).blacklist(fn);
}
if (config.security.csrf) {
  // Build the lusca CSRF middleware from the configured key/secret; what gets
  // registered is csrfWrapper, which is defined outside this span.
  luscaCsrf = lusca.csrf({ key: config.security.key, secret: config.security.secret });
  obj.always(csrfWrapper).blacklist(csrfWrapper);
}
}
const securityCfg = config.security;
// Content-Security-Policy: only wired up when an options object is supplied.
if (securityCfg.csp instanceof Object) {
  luscaCsp = lusca.csp(securityCfg.csp);
  obj.always(luscaCsp).blacklist(luscaCsp);
}
// X-Frame-Options: `|| ""` keeps isEmpty() from being handed undefined.
if (isEmpty(securityCfg.xframe || "") === false) {
  luscaXframe = lusca.xframe(securityCfg.xframe);
  obj.always(luscaXframe).blacklist(luscaXframe);
}
// P3P header: same non-empty check as xframe.
if (isEmpty(securityCfg.p3p || "") === false) {
  luscaP3p = lusca.p3p(securityCfg.p3p);
  obj.always(luscaP3p).blacklist(luscaP3p);
}
// Strict-Transport-Security: again only when an options object is supplied.
if (securityCfg.hsts instanceof Object) {
  luscaHsts = lusca.hsts(securityCfg.hsts);
  obj.always(luscaHsts).blacklist(luscaHsts);
}
if (config.security.xssProtection) {
luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
obj.always(luscaXssProtection).blacklist(luscaXssProtection);
// Static assets come from ./public under the process cwd, cached for one
// year (maxAge is in milliseconds).
const publicDir = path.resolve(process.cwd(), 'public');
this.app.use(express.static(publicDir, { maxAge: 31557600000 }));
this.app.use(cors());
// Session state is persisted in Mongo; the cookie secret and the DB URI both
// come from the secrets module.
// NOTE(review): resave:true and saveUninitialized:true are the permissive
// settings (a session document is written for every visitor); confirm they
// are intended rather than left at historical defaults.
const sessionStore = new MongoStore({
  url: secrets_1.MONGODB_URI,
  autoReconnect: true,
});
this.app.use(session({
  resave: true,
  saveUninitialized: true,
  secret: secrets_1.SESSION_SECRET,
  store: sessionStore,
}));
this.app.use(expressValidator());
this.app.use(passport.initialize());
this.app.use(passport.session());
// Clickjacking (X-Frame-Options) and legacy XSS-filter response headers.
this.app.use(lusca.xframe('SAMEORIGIN'));
this.app.use(lusca.xssProtection(true));
// One debug line per completed response: status code, method, original URL.
const logResponse = (req, res, next) => {
  res.on('finish', () => {
    const status = res.statusCode && res.statusCode.toString();
    logger.debug(status, req.method, req.originalUrl);
  });
  next();
};
this.app.use(logResponse);
}
handerErrors() {
// Middleware that runs on every request: each entry is mounted with
// server.use() and then passed to blacklist(), the same pairing for both.
for (const fn of [fnCookie, middleware.bypass]) {
  obj.server.use(fn).blacklist(fn);
}
if (config.security.csrf) {
  // Build the lusca CSRF middleware from the configured key/secret; what gets
  // mounted is csrfWrapper, which is defined outside this span.
  luscaCsrf = lusca.csrf({ key: config.security.key, secret: config.security.secret });
  obj.server.use(csrfWrapper).blacklist(csrfWrapper);
}
}
const securityCfg = config.security;
// Content-Security-Policy: only mounted when an options object is supplied.
if (securityCfg.csp instanceof Object) {
  luscaCsp = lusca.csp(securityCfg.csp);
  obj.server.use(luscaCsp).blacklist(luscaCsp);
}
// X-Frame-Options: `|| ""` keeps isEmpty() from being handed undefined.
if (!isEmpty(securityCfg.xframe || "")) {
  luscaXframe = lusca.xframe(securityCfg.xframe);
  obj.server.use(luscaXframe).blacklist(luscaXframe);
}
// P3P header: same non-empty check as xframe.
if (!isEmpty(securityCfg.p3p || "")) {
  luscaP3p = lusca.p3p(securityCfg.p3p);
  obj.server.use(luscaP3p).blacklist(luscaP3p);
}
// Strict-Transport-Security: again only when an options object is supplied.
if (securityCfg.hsts instanceof Object) {
  luscaHsts = lusca.hsts(securityCfg.hsts);
  obj.server.use(luscaHsts).blacklist(luscaHsts);
}
if (config.security.xssProtection instanceof Object) {
luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
// Middleware that runs on every request: each entry is mounted with
// server.use() and then passed to blacklist(), the same pairing for both.
for (const fn of [fnCookie, bypass]) {
  obj.server.use(fn).blacklist(fn);
}
if (config.security.csrf) {
  // Build the lusca CSRF middleware from the configured key/secret; what gets
  // mounted is csrfWrapper, which is defined outside this span.
  luscaCsrf = lusca.csrf({ key: config.security.key, secret: config.security.secret });
  obj.server.use(csrfWrapper).blacklist(csrfWrapper);
}
}
const securityCfg = config.security;
// Content-Security-Policy: only mounted when an options object is supplied.
if (securityCfg.csp instanceof Object) {
  luscaCsp = lusca.csp(securityCfg.csp);
  obj.server.use(luscaCsp).blacklist(luscaCsp);
}
// X-Frame-Options: `|| ""` keeps string.isEmpty() from being handed undefined.
if (!string.isEmpty(securityCfg.xframe || "")) {
  luscaXframe = lusca.xframe(securityCfg.xframe);
  obj.server.use(luscaXframe).blacklist(luscaXframe);
}
// P3P header: same non-empty check as xframe.
if (!string.isEmpty(securityCfg.p3p || "")) {
  luscaP3p = lusca.p3p(securityCfg.p3p);
  obj.server.use(luscaP3p).blacklist(luscaP3p);
}
// Strict-Transport-Security: again only when an options object is supplied.
if (securityCfg.hsts instanceof Object) {
  luscaHsts = lusca.hsts(securityCfg.hsts);
  obj.server.use(luscaHsts).blacklist(luscaHsts);
}
if (config.security.xssProtection instanceof Object) {
luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
// Session state is persisted in Mongo; the cookie secret and the DB URI are
// module-level constants imported elsewhere in this file.
// NOTE(review): resave:true and saveUninitialized:true are the permissive
// settings (a session document is written for every visitor); confirm they
// are intended rather than left at historical defaults.
const sessionStore = new MongoStore({
  url: MONGODB_URI,
  autoReconnect: true,
});
const sessionOptions = {
  resave: true,
  saveUninitialized: true,
  secret: SESSION_SECRET,
  store: sessionStore,
};
this.app.use(session(sessionOptions));
this.app.use(expressValidator());
this.app.use(passport.initialize());
this.app.use(passport.session());
// Clickjacking (X-Frame-Options) and legacy XSS-filter response headers.
this.app.use(lusca.xframe('SAMEORIGIN'));
this.app.use(lusca.xssProtection(true));
// One debug line per completed response: status code, method, original URL.
const logResponse = (req, res, next) => {
  res.on('finish', () => {
    const status = res.statusCode && res.statusCode.toString();
    logger.debug(status, req.method, req.originalUrl);
  });
  next();
};
this.app.use(logResponse);
}