Implement security headers middleware for HSTS, COOP, CORP, and more

2026-04-15 00:49:07 +03:00
parent 4f93d0a9bf
commit 5d041cc4c6
+27
@@ -0,0 +1,27 @@
/**
* Factory returning express-style middleware that sets standard security headers.
* Registered by 1I when wiring middleware into Modern.js config.
*/
export function securityHeadersMiddleware() {
return (
_req: unknown,
res: { setHeader(name: string, value: string): void },
next: () => void,
): void => {
res.setHeader(
"Strict-Transport-Security",
"max-age=63072000; includeSubDomains; preload",
);
res.setHeader("X-Content-Type-Options", "nosniff");
res.setHeader("X-Frame-Options", "SAMEORIGIN");
res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
res.setHeader(
"Permissions-Policy",
"geolocation=(), camera=(), microphone=()",
);
res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
next();
};
}
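Review bot: The `Cross-Origin-Resource-Policy` header set just before `next()` uses `cross-origin`, the most permissive value, which tells browsers that any origin may embed these responses, so it adds no isolation. Unless the responses are deliberately served for third-party embedding, the restrictive form is `res.setHeader("Cross-Origin-Resource-Policy", "same-origin");` (or `same-site`). If `cross-origin` is intended, a one-line comment stating why would keep it from being read as an oversight. Separately, the HSTS value combines a two-year `max-age` with `includeSubDomains; preload`, which is slow to roll back once a domain is on a preload list, so it is worth confirming that every subdomain serves HTTPS before this ships.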