當前位置: 首頁>>代碼示例>>TypeScript>>正文


TypeScript csurf.default方法代碼示例

本文整理匯總了TypeScript中csurf.default方法的典型用法代碼示例。如果您正苦於以下問題:TypeScript csurf.default方法的具體用法?TypeScript csurf.default怎麽用?TypeScript csurf.default使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在csurf的用法示例。


在下文中一共展示了csurf.default方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的TypeScript代碼示例。

示例1: server

export default function server(session: any): express.Express {

	// Init server
	const app: express.Express = express();
	app.disable('x-powered-by');

	app.use(bodyParser.urlencoded({ extended: true }));
	app.use(cookieParser(config.cookiePass));

	// Session settings
	app.use(expressSession(session));

	// CSRF
	app.use(csrf({
		cookie: false
	}));

	// CORS
	app.use(cors({
		origin: true,
		credentials: true
	}));

	app.use((req, res, next) => {
		res.header('X-Frame-Options', 'DENY');
		next();
	});

	router(app);

	return app;
}
開發者ID:armchair-philosophy,項目名稱:Misskey-Web,代碼行數:32,代碼來源:server.ts

示例2: load

    @InitPhase
    @Inject(['logger', 'config', 'express'])
    @After('BodyParser:load')
    load(logger, config, app) {
        logger.debug('load express-security');

        config.defaults({
            expressSecurity: {
                requireHttps: false
            }
        });

        const requireHttps = config.get('expressSecurity:requireHttps');
        if (requireHttps === true || requireHttps === 'true') {
            app.use(function(req, res, next) {
                if (req.headers['x-forwarded-proto'] !== 'https') {
                    return res.redirect(['https://', req.get('Host'), req.url].join(''));
                }

                res.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
                next();
            });
        }

        // enable CSRF protection
        const csrfMiddleware = csrf({cookie: true});
        app.use(function(req, res, next) {
            // ignore the multipart ones, to do multer, then enable csrf after
            if (req.headers['content-type'] && req.headers['content-type'].substr(0, 19).toLowerCase() === 'multipart/form-data') {
                next();
                return;
            }

            csrfMiddleware(req, res, next);
        });

        // enable other protections for the site
        app.use(function(req, res, next) {
            res.header('X-XSS-Protection', '1; mode=block');
            res.header('X-FRAME-OPTIONS', 'SAMEORIGIN');

            let csrfToken = null;
            res.locals._csrf = function() {
                if (!csrfToken) {
                    csrfToken = req.csrfToken();
                }
                return csrfToken;
            };
            next();
        });
    }
開發者ID:HallM,項目名稱:poc-fw2,代碼行數:51,代碼來源:index.ts

示例3: enableFor

  enableFor (app: express.Express) {
    app.use(
      csrf(
        {
          cookie: {
            key: '_csrf',
            secure: true,
            httpOnly: true
          }
        }
      )
    )

    app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
      res.locals.csrf = req.csrfToken()
      next()
    })
  }
開發者ID:hmcts,項目名稱:cmc-citizen-frontend,代碼行數:18,代碼來源:index.ts

示例4:

	res.vary('Origin');

	// intercept OPTIONS method
	if (req.method === 'OPTIONS') {
		res.sendStatus(200);
	} else {
		next();
	}
});

// Session settings
app.use(expressSession(session));

// CSRF
app.use(csrf({
	cookie: false
}));
app.use((req, res, next) => {
	res.locals.csrftoken = req.csrfToken();
	next();
});

app.use(require('subdomain')(subdomainOptions));

// HSTS
if (config.https.enable) {
	app.use((req, res, next) => {
		res.header('Strict-Transport-Security', 'max-age=15768000; includeSubDomains; preload');
		next();
	});
}
開發者ID:sagume,項目名稱:Misskey-Web,代碼行數:31,代碼來源:server.ts

示例5: catch

const pathExistSync = (pathName: string): boolean => {
    try {
        fs.accessSync(pathName);
        return true;
    } catch (err) {
        return false;
    }
};

// Set Up Express Server
const app: express.Express = express();

// Middleware
const jsonParser = bodyParser.json();
const csrfProtection = csrf({ cookie: true });

// Constants
const TCL_BACKEND_PATH = "http://localhost:8001/api/process";

if (pathExistSync("build")) {
    process.chdir("build");
}

const STATIC_PATH = process.cwd() + "/static/";

// Adjust HTTP header setting for security
//  - Enables: dnsPrefetchControl, framegurd, hidePoweredBy, hsts, isNoOpen, xssFilter
//  - Disables: contentSecurityPolicy, HTTP Public Key Pinning, noCache
app.use(helmet());
app.use(cookieParser());
開發者ID:shuntksh,項目名稱:binaryscanr,代碼行數:30,代碼來源:binaryscanr.ts


注:本文中的csurf.default方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。