Home Explore Help
Sign In
maixinrong
/
Calculation
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

http头调整

MaiXinRong 1 year ago
parent
c32c90fd33
commit
b49ba89c81
2 changed files with 38 additions and 2 deletions
Split View Show Diff Stats
  1. 32 0
      app/middleware/http_header.js
  2. 6 2
      config/config.default.js

+ 32 - 0
app/middleware/http_header.js
View File 

@@ -0,0 +1,32 @@
 
+'use strict';
 
+
 
+module.exports = options => {
 
+    return async function httpHeader(ctx, next) {
 
+        await next();
 
+
 
+        // CT-638506 避免获取用户敏感信息
 
+        ctx.set('X-Content-Type-Options', 'nosniff');
 
+        // CT-638385 点击劫持相关
 
+        // 禁止以iframe或者frame的形式嵌入 (deny/sameorign都可)
 
+        ctx.set('X-Frame-Options', 'deny');
 
+        // CT-638235
 
+        // 避免钓鱼欺骗 (启用XSS过滤器。如果检测到攻击,浏览器将不会清理页面,而是完全阻止页面的渲染)
 
+        ctx.set('X-XSS-Protection', '1; mode=block');
 
+        // 可以节省一次请求重定向(HSTS预加载服务,按指示提交域名后,浏览器将永不使用非安全方式链接)
 
+        ctx.set('strict-transport-security', 'max-age=31536000; includeSubDomains; preload');
 
+        //
 
+        const csp = [
 
+            'default-src', `'self' 'unsafe-inline' https://jiliang-qa.oss-cn-shenzhen.aliyuncs.com/ ${ctx.app.config.fujianOssPath} https://open.weixin.qq.com/ https://res.wx.qq.com/;`,
 
+            'img-src', `'self' data: blob: ${ctx.app.config.fujianOssPath};`,
 
+        ];
 
+        ctx.set('Content-Security-Policy', csp.join(' '));
 
+        // IE8以上版本用户,在下载时,不显示打开选项
 
+        ctx.set('X-Download-Options', 'noopen');
 
+        // 针对三方网站隐藏referer,防止隐私泄露和钓鱼攻击
 
+        // same-origin 同源则发送,反之不发送
 
+        // strict-origin 安全级别相同发送,反之不发送(例如https->http)
 
+        ctx.set('referer-policy', 'same-origin');
 
+        //
 
+        ctx.set('X-Permitted-Cross-Domain-Policies', 'master-only');
 
+    };
 
+};

+ 6 - 2
config/config.default.js
View File 

@@ -65,7 +65,7 @@ module.exports = appInfo => {
 
     config.pageSize = 15;
 
 
     // 中间件
 
-    config.middleware = ['gzip', 'urlParse', 'sortFilter', 'autoLogger', 'autoFinishLogger'];
 
+    config.middleware = ['httpHeader', 'gzip', 'urlParse', 'sortFilter', 'autoLogger', 'autoFinishLogger'];
 
 
     // session配置
 
     config.session = {
 
@@ -93,6 +93,10 @@ module.exports = appInfo => {
 
             sessionName: 'csrfToken_j',   // csrf token's session name
 
             bodyName: '_csrf_j',          // request csrf token's name in body
 
             queryName: '_csrf_j',         // request csrf token's name in query
 
+            cookie: {
 
+                httpOnly: true,
 
+                // secure: true,  // 如果站点使用了HTTPS,可以开启此选项
 
+            }
 
         },
 
     };
 
 
@@ -253,7 +257,7 @@ module.exports = appInfo => {
 
     config.fujianOssPath = 'https://jiliang-saas-oss-cdn.smartcost.com.cn/';
 
     config.fujianOssFolder = '';
 
 
-    config.syncUrl = 'http://sync.jl.smartcost.com.cn/';
 
+    config.syncUrl = 'https://jl-sync.smartcost.com.cn/';
 
 
     // 项目管理跳转路径
 
     config.managementPath = 'https://pm.smartcost.com.cn';