

TypeScript csurf.default方法代码示例

本文整理汇总了TypeScript中csurf.default方法的典型用法代码示例。如果您正苦于以下问题:TypeScript csurf.default方法的具体用法?TypeScript csurf.default怎么用?TypeScript csurf.default使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在csurf的用法示例。


在下文中一共展示了csurf.default方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的TypeScript代码示例。

示例1: server

/**
 * Build the Express application: form and cookie parsing, session handling,
 * csurf CSRF protection, CORS, an anti-framing header, then the routes.
 *
 * Registration order matters. `csrf({ cookie: false })` keeps its secret in
 * `req.session`, so the session middleware has to be mounted before it, and
 * the body parser has to run first for a token posted in a form field to be
 * readable. This function never calls `req.csrfToken()`; presumably the routes
 * mounted by `router(app)` issue the token — verify.
 *
 * NOTE(review): the csurf package has since been deprecated by its
 * maintainers; check whether the project still depends on it.
 *
 * @param session Options object handed unchanged to `expressSession`.
 * @returns The configured application; starting the listener is left to the caller.
 */
export default function server(session: any): express.Express {
	const app: express.Express = express();

	// Do not advertise the framework in response headers.
	app.disable('x-powered-by');

	// Request parsing. The cookie parser receives a secret so signed cookies can be verified.
	const formParser = bodyParser.urlencoded({ extended: true });
	app.use(formParser);
	const cookies = cookieParser(config.cookiePass);
	app.use(cookies);

	// Sessions must exist before csurf runs (see the function comment).
	app.use(expressSession(session));

	// CSRF: secret stored in the session rather than in a dedicated cookie.
	const csrfOptions = { cookie: false };
	app.use(csrf(csrfOptions));

	// CORS
	// NOTE(review): `origin: true` makes the cors middleware echo back whatever
	// Origin the request carries, and `credentials: true` allows cookies on those
	// cross-origin requests. Together they let a page on any origin read
	// responses fetched with the user's session, including any response that
	// embeds the CSRF token, which weakens the check registered just above.
	// An explicit allow-list of trusted origins is the usual remedy; the values
	// are kept as the original author wrote them.
	const corsOptions = { origin: true, credentials: true };
	app.use(cors(corsOptions));

	// Forbid rendering any response inside a frame (clickjacking defence).
	app.use((req, res, next) => {
		res.header('X-Frame-Options', 'DENY');
		next();
	});

	router(app);
	return app;
}
开发者ID:armchair-philosophy,项目名称:Misskey-Web,代码行数:32,代码来源:server.ts

示例2: load

    /**
     * Install the HTTP security middleware: an optional HTTPS redirect with
     * HSTS, csurf CSRF protection, and two response hardening headers.
     *
     * NOTE(review): requests whose Content-Type starts with
     * `multipart/form-data` are passed through without the CSRF check. The
     * original comment says CSRF is to be enabled again after multer has
     * parsed the upload; nothing in this method does that, so every multipart
     * route has to apply the check itself — confirm that each one does.
     *
     * @param logger Logger; only `debug` is used here.
     * @param config Configuration store; `defaults` and `get` are used here.
     * @param app Express application the middleware is mounted on.
     */
    @InitPhase
    @Inject(['logger', 'config', 'express'])
    @After('BodyParser:load')
    load(logger, config, app) {
        logger.debug('load express-security');

        config.defaults({ expressSecurity: { requireHttps: false } });

        // The setting is accepted both as a boolean and as the string 'true'.
        const httpsSetting = config.get('expressSecurity:requireHttps');
        const enforceHttps = httpsSetting === true || httpsSetting === 'true';
        if (enforceHttps) {
            app.use((req, res, next) => {
                // NOTE(review): x-forwarded-proto is a request header. It is only
                // trustworthy when a reverse proxy in front of the app always
                // overwrites it; reached directly, a client can set it itself.
                if (req.headers['x-forwarded-proto'] !== 'https') {
                    // NOTE(review): the redirect target is assembled from the
                    // client-supplied Host header; a configured canonical host
                    // name would avoid redirecting to an arbitrary host.
                    const httpsUrl = ['https://', req.get('Host'), req.url].join('');
                    return res.redirect(httpsUrl);
                }

                // HSTS for one year, sent only on requests that arrived over HTTPS.
                res.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
                next();
            });
        }

        // CSRF protection with the csurf secret kept in a cookie.
        const csrfMiddleware = csrf({cookie: true});
        app.use((req, res, next) => {
            // Multipart bodies have not been parsed yet at this point, so the
            // check is skipped for them (see the NOTE in the method comment).
            const contentType = req.headers['content-type'];
            const isMultipart = contentType && contentType.substr(0, 19).toLowerCase() === 'multipart/form-data';
            if (isMultipart) {
                next();
            } else {
                csrfMiddleware(req, res, next);
            }
        });

        // Response hardening headers plus a lazy token accessor for templates.
        app.use((req, res, next) => {
            // NOTE(review): current browsers have dropped the XSS auditor this
            // header controlled; a Content-Security-Policy is the modern control.
            res.header('X-XSS-Protection', '1; mode=block');
            res.header('X-FRAME-OPTIONS', 'SAMEORIGIN');

            // The token is generated on first use and reused for the rest of
            // the request, so a template may call `_csrf()` several times.
            // NOTE(review): on a request that skipped csurf above,
            // `req.csrfToken` has presumably not been attached, so calling
            // `_csrf()` there would throw — verify.
            let cachedToken = null;
            res.locals._csrf = () => {
                if (!cachedToken) {
                    cachedToken = req.csrfToken();
                }
                return cachedToken;
            };
            next();
        });
    }
开发者ID:HallM,项目名称:poc-fw2,代码行数:51,代码来源:index.ts

示例3: enableFor

  /**
   * Mount csurf on the application and expose a fresh CSRF token to the view
   * layer on every request.
   *
   * The `_csrf` cookie holds csurf's secret, not the token. `secure: true`
   * restricts it to HTTPS and `httpOnly: true` keeps page scripts from
   * reading it.
   *
   * NOTE(review): no `sameSite` attribute is set in these cookie options;
   * consider adding one as defence in depth. With `secure: true` the browser
   * will not return the cookie over plain HTTP, so token validation is
   * expected to fail in an environment without TLS — confirm that is intended.
   *
   * @param app Express application to protect.
   */
  enableFor (app: express.Express) {
    const secretCookie = {
      key: '_csrf',
      secure: true,
      httpOnly: true
    }
    app.use(csrf({ cookie: secretCookie }))

    // Templates read the token from `res.locals.csrf`; it is generated for
    // every request that reaches this point, whether or not a form is rendered.
    app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
      const token = req.csrfToken()
      res.locals.csrf = token
      next()
    })
  }
开发者ID:hmcts,项目名称:cmc-citizen-frontend,代码行数:18,代码来源:index.ts

示例4:

	res.vary('Origin');

	// intercept OPTIONS method
	if (req.method === 'OPTIONS') {
		res.sendStatus(200);
	} else {
		next();
	}
});

// Session settings
// Mounted before csurf: with `cookie: false` csurf keeps its secret in req.session.
app.use(expressSession(session));

// CSRF
// The secret lives in the session; state-changing requests must carry a matching token.
app.use(csrf({
	cookie: false
}));
// Generate a token for every request and expose it to templates as `csrftoken`.
// NOTE(review): the handler that ends just above this run (it sets `Vary: Origin`
// and answers OPTIONS) is cut off on this page. If it allows credentialed
// requests from other origins, pages embedding `csrftoken` become readable
// cross-origin — check its origin policy.
app.use((req, res, next) => {
	res.locals.csrftoken = req.csrfToken();
	next();
});

// Subdomain handling is registered after the CSRF check, so it only sees
// requests that csurf has already let through.
app.use(require('subdomain')(subdomainOptions));

// HSTS
// Sent only when HTTPS is enabled in the configuration. max-age=15768000 is
// roughly six months and the policy also covers subdomains.
// NOTE(review): `preload` signals consent to browser preload lists, which is
// slow to undo — confirm every subdomain is reachable over HTTPS.
if (config.https.enable) {
	app.use((req, res, next) => {
		res.header('Strict-Transport-Security', 'max-age=15768000; includeSubDomains; preload');
		next();
	});
}
开发者ID:sagume,项目名称:Misskey-Web,代码行数:31,代码来源:server.ts

示例5: catch

/**
 * Report whether a path is visible to the current process.
 *
 * `fs.accessSync` is called without a mode, so it only tests for existence;
 * any error it throws is treated as "does not exist".
 *
 * @param pathName Path to probe, absolute or relative to the working directory.
 * @returns `true` when the access check succeeds, otherwise `false`.
 */
const pathExistSync = (pathName: string): boolean => {
    let reachable = true;
    try {
        fs.accessSync(pathName);
    } catch (err) {
        // The reason for the failure is deliberately ignored.
        reachable = false;
    }
    return reachable;
};

// Set Up Express Server
const app: express.Express = express();

// Middleware
// Both are created here but not mounted in the lines shown; presumably they
// are attached per route further down — verify.
const jsonParser = bodyParser.json();
// csurf in cookie mode: the secret is kept in a cookie instead of a session,
// so the cookie parser must run before any route that uses `csrfProtection`.
// NOTE(review): `cookie: true` takes csurf's default cookie settings, which do
// not set httpOnly, secure or sameSite; passing an options object would allow
// tightening them.
const csrfProtection = csrf({ cookie: true });

// Constants
// Backend endpoint, addressed over plain HTTP on the loopback interface.
const TCL_BACKEND_PATH = "http://localhost:8001/api/process";

// When a "build" directory exists, make it the working directory so the
// static path below resolves inside it.
if (pathExistSync("build")) {
    process.chdir("build");
}

// Depends on the working directory chosen above.
const STATIC_PATH = process.cwd() + "/static/";

// Adjust HTTP header setting for security
//  - Enables: dnsPrefetchControl, frameguard, hidePoweredBy, hsts, ieNoOpen, xssFilter
//  - Disables: contentSecurityPolicy, HTTP Public Key Pinning, noCache
// NOTE(review): this list describes helmet's defaults at the time the code was
// written; later helmet releases changed them, so check it against the
// installed version.
app.use(helmet());
// No secret is passed, so cookies are parsed but not signed.
app.use(cookieParser());
开发者ID:shuntksh,项目名称:binaryscanr,代码行数:30,代码来源:binaryscanr.ts


注:本文中的csurf.default方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。