From ed6367eeb4f6e17a9190038ff5a56657ca04e16c Mon Sep 17 00:00:00 2001
From: Jim Laurie <j.laurie6993@gmail.com>
Date: Mon, 27 Nov 2017 12:11:30 +0100
Subject: [PATCH] Fix use defaults middleware configs

---
 packages/strapi/lib/middlewares/cors/index.js   | 14 ++++++++------
 packages/strapi/lib/middlewares/xframe/index.js |  6 ++++--
 packages/strapi/lib/middlewares/xss/index.js    |  4 +++-
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/packages/strapi/lib/middlewares/cors/index.js b/packages/strapi/lib/middlewares/cors/index.js
index 3f0eb6a0da..c0a4b83224 100755
--- a/packages/strapi/lib/middlewares/cors/index.js
+++ b/packages/strapi/lib/middlewares/cors/index.js
@@ -15,17 +15,19 @@ module.exports = strapi => {
      */
 
     initialize: function(cb) {
+      const defaults = require('./defaults.json');
+
       strapi.app.use(
         async (ctx, next) => {
           if (ctx.request.admin) {
             return strapi.koaMiddlewares.kcors({
               origin: '*',
-              exposeHeaders: this.defaults.cors.expose,
-              maxAge: this.defaults.cors.maxAge,
-              credentials: this.defaults.cors.credentials,
-              allowMethods: this.defaults.cors.methods,
-              allowHeaders: this.defaults.cors.headers,
-              keepHeadersOnError: this.defaults.cors.keepHeadersOnError
+              exposeHeaders: defaults.cors.expose,
+              maxAge: defaults.cors.maxAge,
+              credentials: defaults.cors.credentials,
+              allowMethods: defaults.cors.methods,
+              allowHeaders: defaults.cors.headers,
+              keepHeadersOnError: defaults.cors.keepHeadersOnError
             })(ctx, next);
           } else if (strapi.config.currentEnvironment.security.cors.enabled) {
             return strapi.koaMiddlewares.kcors({
diff --git a/packages/strapi/lib/middlewares/xframe/index.js b/packages/strapi/lib/middlewares/xframe/index.js
index 851f380cb3..21cf0e0d6a 100755
--- a/packages/strapi/lib/middlewares/xframe/index.js
+++ b/packages/strapi/lib/middlewares/xframe/index.js
@@ -15,13 +15,15 @@ module.exports = strapi => {
      */
 
     initialize: function(cb) {
+      const defaults = require('./defaults.json');
+      
       strapi.app.use(
         async (ctx, next) => {
           if (ctx.request.admin) {
             return await strapi.koaMiddlewares.convert(
               strapi.koaMiddlewares.lusca.xframe({
-                enabled: this.defaults.xframe.enabled,
-                value: this.defaults.xframe.value
+                enabled: defaults.xframe.enabled,
+                value: defaults.xframe.value
               })
             )(ctx, next);
           } else if (strapi.config.currentEnvironment.security.xframe.enabled) {
diff --git a/packages/strapi/lib/middlewares/xss/index.js b/packages/strapi/lib/middlewares/xss/index.js
index e0409c40c3..484bcc067e 100755
--- a/packages/strapi/lib/middlewares/xss/index.js
+++ b/packages/strapi/lib/middlewares/xss/index.js
@@ -15,13 +15,15 @@ module.exports = strapi => {
      */
 
     initialize: function(cb) {
+      const defaults = require('./defaults.json');
+
       strapi.app.use(
         async (ctx, next) => {
           if (ctx.request.admin) {
             return await strapi.koaMiddlewares.convert(
               strapi.koaMiddlewares.lusca.xssProtection({
                 enabled: true,
-                mode: this.defaults.xss.mode
+                mode: defaults.xss.mode
               })
             )(ctx, next);
           } else if (strapi.config.currentEnvironment.security.xss.enabled) {