strapi/lib/configuration/hooks/lusca/index.js

'use strict';

/**
 * Module dependencies
 */

// Public node modules.
const _ = require('lodash');

/**
 * Lusca hook
 */

module.exports = function (strapi) {
  const hook = {

    /**
     * Default options
     */

    defaults: {
      csrf: false,
      csp: false,
      p3p: false,
      hsts: {
        maxAge: 31536000,
        includeSubDomains: true
      },
      xframe: 'SAMEORIGIN',
      xssProtection: false
    },

    /**
     * Initialize the hook
     */

    initialize: function (cb) {
      if (_.isPlainObject(strapi.config.csrf) && !_.isEmpty(strapi.config.csrf)) {
        strapi.app.use(strapi.middlewares.lusca.csrf({
          key: strapi.config.csrf.key,
          secret: strapi.config.csrf.secret
        }));
      }

      if (_.isPlainObject(strapi.config.csp) && !_.isEmpty(strapi.config.csp)) {
        strapi.app.use(strapi.middlewares.lusca.csp(strapi.config.csp));
      }

      if (_.isString(strapi.config.xframe)) {
        strapi.app.use(strapi.middlewares.lusca.xframe({
          value: strapi.config.xframe
        }));
      }

      if (_.isString(strapi.config.p3p)) {
        strapi.app.use(strapi.middlewares.lusca.p3p({
          value: strapi.config.p3p
        }));
      }

      if (_.isPlainObject(strapi.config.hsts) && !_.isEmpty(strapi.config.hsts)) {
        strapi.app.use(strapi.middlewares.lusca.hsts({
          maxAge: strapi.config.hsts.maxAge,
          includeSubDomains: strapi.config.hsts.includeSubDomains
        }));
      }

      if (_.isPlainObject(strapi.config.xssProtection) && !_.isEmpty(strapi.config.xssProtection)) {
        strapi.app.use(strapi.middlewares.lusca.xssProtection({
          enabled: strapi.config.xssProtection.enabled,
          mode: strapi.config.xssProtection.mode
        }));
      }

      cb();
    }
  };

  return hook;
};
Initial release 2015-10-01 00:30:16 +02:00			`'use strict';`

			`/**`
			`* Module dependencies`
			`*/`

			`// Public node modules.`
			`const _ = require('lodash');`

			`/**`
			`* Lusca hook`
			`*/`

			`module.exports = function (strapi) {`
			`const hook = {`

			`/**`
			`* Default options`
			`*/`

			`defaults: {`
			`csrf: false,`
			`csp: false,`
			`p3p: false,`
			`hsts: {`
			`maxAge: 31536000,`
			`includeSubDomains: true`
			`},`
			`xframe: 'SAMEORIGIN',`
			`xssProtection: false`
			`},`

			`/**`
			`* Initialize the hook`
			`*/`

			`initialize: function (cb) {`
			`if (_.isPlainObject(strapi.config.csrf) && !_.isEmpty(strapi.config.csrf)) {`
			`strapi.app.use(strapi.middlewares.lusca.csrf({`
			`key: strapi.config.csrf.key,`
			`secret: strapi.config.csrf.secret`
			`}));`
			`}`

			`if (_.isPlainObject(strapi.config.csp) && !_.isEmpty(strapi.config.csp)) {`
			`strapi.app.use(strapi.middlewares.lusca.csp(strapi.config.csp));`
			`}`

			`if (_.isString(strapi.config.xframe)) {`
			`strapi.app.use(strapi.middlewares.lusca.xframe({`
			`value: strapi.config.xframe`
			`}));`
			`}`

			`if (_.isString(strapi.config.p3p)) {`
			`strapi.app.use(strapi.middlewares.lusca.p3p({`
			`value: strapi.config.p3p`
			`}));`
			`}`

			`if (_.isPlainObject(strapi.config.hsts) && !_.isEmpty(strapi.config.hsts)) {`
			`strapi.app.use(strapi.middlewares.lusca.hsts({`
			`maxAge: strapi.config.hsts.maxAge,`
			`includeSubDomains: strapi.config.hsts.includeSubDomains`
			`}));`
			`}`

			`if (_.isPlainObject(strapi.config.xssProtection) && !_.isEmpty(strapi.config.xssProtection)) {`
			`strapi.app.use(strapi.middlewares.lusca.xssProtection({`
			`enabled: strapi.config.xssProtection.enabled,`
			`mode: strapi.config.xssProtection.mode`
			`}));`
			`}`

			`cb();`
			`}`
			`};`

			`return hook;`
			`};`