How can I extend the security features built into Sails? For example, how can I use lusca (a module from Kraken) in Sails? What other ways are there to extend the built-in security in Sails?
You can add modules like lusca and helmet in http.js by registering them as middleware and configuring the order.
var lusca = require('lusca');
var helmet = require('helmet');
// Order in which Sails runs its HTTP middleware for every request.
// The two header-setting entries ('helmetProtection', 'xframe') sit just
// before 'router', so routed responses and static assets ('www', 'favicon')
// pass through them. A response that is finished by an earlier entry (for
// example a body-parser error) leaves without these headers; move the two
// entries nearer the top of the list if that matters for your application.
var middlewareOrder = [
  'startRequestTimer',
  'cookieParser',
  'session',
  'bodyParser',
  'handleBodyParserError',
  'compress',
  'methodOverride',
  '$custom',
  'helmetProtection',
  'xframe',
  'router',
  'www',
  'favicon',
  '404',
  '500'
];

/**
 * Clickjacking protection: lets lusca set `X-Frame-Options: SAMEORIGIN`.
 *
 * @param {Object} req - incoming request
 * @param {Object} res - outgoing response
 * @param {Function} next - continues the middleware chain
 */
function xframe(req, res, next) {
  var setFrameOptions = lusca.xframe('SAMEORIGIN');
  return setFrameOptions(req, res, next);
}

/**
 * Applies helmet's default set of security headers.
 *
 * helmet's own frameguard is switched off because the `xframe` middleware
 * owns X-Frame-Options in this configuration. If 'xframe' is ever dropped
 * from the order, re-enable frameguard here, otherwise no framing policy
 * is sent at all.
 *
 * @param {Object} req - incoming request
 * @param {Object} res - outgoing response
 * @param {Function} next - continues the middleware chain
 */
function helmetProtection(req, res, next) {
  var applyHelmet = helmet({
    frameguard: false
  });
  return applyHelmet(req, res, next);
}

module.exports.http = {
  middleware: {
    order: middlewareOrder,
    xframe: xframe,
    helmetProtection: helmetProtection
  },
  // Evaluates to 3600. NOTE(review): confirm against the documentation of
  // your Sails version whether `cache` is read as seconds or milliseconds.
  cache: 1 * 60 * 60
};

MjZac
-
Glad it helped. :) – MjZac Feb 15 '17 at 15:39
-
SailsJS has decent documentation. This topic is discussed under Concepts -> Security at http://sailsjs.com/documentation/concepts/security – None Feb 15 '17 at 18:41
-
@J.Money I had read the documentation, but was unable to set the X-Frame-Options header following their directions. – Cirakuze Feb 15 '17 at 20:20
The above answer given by @MjZac works perfectly. I just want to add an updated version of the file for the latest version of Sails.js.
var helmet = require('helmet');
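module.exports.http = {
  // Static-asset cache lifetime: one year if the unit is milliseconds.
  cache: 365.25 * 24 * 60 * 60 * 1000,

  // Makes the app believe X-Forwarded-* headers. Only safe when every
  // request really arrives through a reverse proxy or load balancer you
  // control; when the app is reachable directly, a client can forge these
  // headers and misreport its IP address or protocol. Remove or narrow this
  // setting if the deployment has no trusted proxy in front of it.
  trustProxy: true,

  middleware: {
    // Header-setting entries run before 'router' so routed responses and
    // static assets carry them.
    order: [
      'cookieParser',
      'session',
      'bodyParser',
      'compress',
      'helmetProtection',
      'xss',
      'router',
      'www',
      'favicon'
    ],

    // Sets X-XSS-Protection through lusca. helmet sets this header as well
    // (newer helmet releases send "0" on purpose, because the legacy browser
    // XSS auditor is deprecated); since 'xss' runs after 'helmetProtection',
    // lusca's value should be the one that reaches the client. Treat this
    // header as legacy hardening only and rely on output encoding plus a
    // Content-Security-Policy for XSS defence.
    // NOTE(review): lusca documents `true` or an options object as the
    // argument; confirm that the string '1' behaves as intended.
    xss: require('lusca').xssProtection('1'),

    /**
     * Applies helmet's security headers.
     *
     * frameguard is enabled with SAMEORIGIN: this configuration has no
     * separate X-Frame-Options middleware, so turning frameguard off would
     * leave responses without any framing (clickjacking) policy.
     *
     * @param {Object} req - incoming request
     * @param {Object} res - outgoing response
     * @param {Function} next - continues the middleware chain
     */
    helmetProtection: function helmetProtection(req, res, next) {
      return helmet({
        frameguard: { action: 'sameorigin' }
      })(req, res, next);
    }
  }
};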

Abhishek Gupta