added csp
This commit is contained in:
parent
dbd761bafd
commit
975fbbe3f2
|
@ -1,8 +1,9 @@
|
||||||
import { Module } from '@nestjs/common';
|
import { MiddlewareConsumer, Module, RequestMethod } from '@nestjs/common';
|
||||||
import { AppController } from './app.controller';
|
import { AppController } from './app.controller';
|
||||||
import { AppService } from './app.service';
|
import { AppService } from './app.service';
|
||||||
import { ConfigModule } from '@nestjs/config';
|
import { ConfigModule } from '@nestjs/config';
|
||||||
import { DatabaseModule } from './modules/database-module/database.module';
|
import { DatabaseModule } from './modules/database-module/database.module';
|
||||||
|
import { CspMiddleware } from './middleware/csp-middleware/csp-middleware';
|
||||||
|
|
||||||
@Module({
|
@Module({
|
||||||
imports: [
|
imports: [
|
||||||
|
@ -14,4 +15,10 @@ import { DatabaseModule } from './modules/database-module/database.module';
|
||||||
controllers: [AppController],
|
controllers: [AppController],
|
||||||
providers: [AppService],
|
providers: [AppService],
|
||||||
})
|
})
|
||||||
export class AppModule {}
|
export class AppModule {
|
||||||
|
configure(consumer: MiddlewareConsumer) {
|
||||||
|
consumer
|
||||||
|
.apply(CspMiddleware)
|
||||||
|
.forRoutes({ path: '*', method: RequestMethod.ALL });
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
import { Injectable, NestMiddleware } from '@nestjs/common';
|
||||||
|
import { Request, Response, NextFunction } from 'express';
|
||||||
|
import { ConfigService } from '@nestjs/config';
|
||||||
|
import { log } from 'console';
|
||||||
|
|
||||||
|
@Injectable()
|
||||||
|
export class CspMiddleware implements NestMiddleware {
|
||||||
|
constructor(private configService: ConfigService) {}
|
||||||
|
|
||||||
|
use(req: Request, res: Response, next: NextFunction): void {
|
||||||
|
const cspDirectives = this.configService.get<string>('CSP_DIRECTIVES');
|
||||||
|
if (cspDirectives) {
|
||||||
|
res.setHeader('Content-Security-Policy', cspDirectives);
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue