github/tw-did
1
1
Fork 0
mirror of https://github.com/moda-gov-tw/tw-did.git synced 2026-01-10 05:07:55 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore: add comment for modifying

Browse Source
This commit is contained in:
Philip Hsu
2023-12-12 15:19:36 +08:00
parent a27c54deb3
commit 4df39a2d29
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apps/server/src/app/app.module.ts
View File

@@ -27,8 +27,11 @@ import { IssuanceModule } from '../issuance/issuance.module';
return [
{
rootPath: clientPath,
// set some response headers to improve security of the static web
serveStaticOptions: {
setHeaders(res) {
// apply Content Security Policy (CSP) to mitigate some types of attacks,
// such as cross-site scripting (XSS) and packet sniffing attacks.
const cspHeader = `
default-src 'self';
img-src 'self';
@@ -44,11 +47,12 @@ import { IssuanceModule } from '../issuance/issuance.module';
frame-src 'self';
upgrade-insecure-requests;
`.replace(/\s{2,}/g, " ").trim()
res.setHeader('Content-Security-Policy', cspHeader)
// avoid click-jacking attacks
res.setHeader('X-Frame-Options', 'DENY')
// avoid MIME type sniffing
res.setHeader('X-Content-Type-Options', 'nosniff')
// deny requesting code from any other origin to access resources of the web
res.removeHeader('access-control-allow-origin')
},
}