feature/refactor-login #19
|
@ -36,6 +36,9 @@ export class AppModule {
|
||||||
public configure(consumer: MiddlewareConsumer): void {
|
public configure(consumer: MiddlewareConsumer): void {
|
||||||
consumer
|
consumer
|
||||||
// TODO Redirect via Reverse Proxy all HTTP requests to HTTPS
|
// TODO Redirect via Reverse Proxy all HTTP requests to HTTPS
|
||||||
|
// TODO use env.dev and end.prod
|
||||||
|
// TODO Implement helmet module
|
||||||
|
// TODO Implement CSRF protection -> csurf module
|
||||||
.apply(
|
.apply(
|
||||||
CspMiddleware,
|
CspMiddleware,
|
||||||
SecurityHeadersMiddleware,
|
SecurityHeadersMiddleware,
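Review bot: The added `// TODO Implement CSRF protection -> csurf module` points at a package whose maintainers have, as far as I know, deprecated and archived it, so it should not be the target of the follow-up work; I would reword it to `// TODO Implement CSRF protection (csurf is deprecated; use a maintained synchronizer-token or double-submit middleware)`. The line above it also has a typo, `end.prod` for `env.prod`. When helmet is added per the other TODO, note that its defaults cover several headers `SecurityHeadersMiddleware` already sets (X-Frame-Options, Referrer-Policy, nosniff, HSTS, and X-XSS-Protection set to `0`), so the two need reconciling or the response will carry duplicate or conflicting values. `configure`'s middleware chain continues past the end of this hunk, so the rest of the `.apply(...)` call was not reviewed.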
|
||||||
|
|
|
@ -13,6 +13,13 @@ export class SecurityHeadersMiddleware implements NestMiddleware {
|
||||||
'max-age=63072000; includeSubDomains; preload'
|
'max-age=63072000; includeSubDomains; preload'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
res.setHeader('Referrer-Policy', 'no-referrer');
|
||||||
|
res.setHeader(
|
||||||
|
'Permissions-Policy',
|
||||||
|
'geolocation=(), microphone=(), camera=()'
|
||||||
|
);
|
||||||
|
res.setHeader('X-XSS-Protection', '1; mode=block');
|
||||||
|
|
||||||
res.setHeader('X-Content-Type-Options', 'nosniff');
|
res.setHeader('X-Content-Type-Options', 'nosniff');
|
||||||
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
|
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
|
||||||
next();
|
next();
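Review bot: `res.setHeader('X-XSS-Protection', '1; mode=block');` is the wrong value to add: the browser auditor it enables has been removed from Chromium-based browsers and never existed in Firefox, and while it was live its filtering was abused for cross-site leaks, which is why current guidance (and helmet's default) is to turn it off rather than on. Since a `CspMiddleware` already runs in the same chain, either replace the line with `res.setHeader('X-XSS-Protection', '0');` or drop it entirely. The `Referrer-Policy: no-referrer` and the Permissions-Policy deny list are sensible defaults, but `geolocation=(), microphone=(), camera=()` also blocks first-party use of those APIs, so confirm no page in the app needs them. The enclosing middleware method starts before this hunk, so only the header block was reviewed.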
|
||||||
|
|
|
@ -24,6 +24,7 @@ export class SessionInitService {
|
||||||
ttl: 86400,
|
ttl: 86400,
|
||||||
}).connect(this.dataSource.getRepository(Session)),
|
}).connect(this.dataSource.getRepository(Session)),
|
||||||
cookie: {
|
cookie: {
|
||||||
|
// TODO: Check sameSite strict configuration on production
|
||||||
maxAge: 86400000,
|
maxAge: 86400000,
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
secure:
|
secure:
|
||||||
|
@ -34,7 +35,7 @@ export class SessionInitService {
|
||||||
sameSite:
|
sameSite:
|
||||||
this.configService.get<string>('NODE_ENV') === 'development'
|
this.configService.get<string>('NODE_ENV') === 'development'
|
||||||
? 'strict'
|
? 'strict'
|
||||||
: 'none',
|
: 'strict',
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
}
|
}
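Review bot: With both branches now yielding `'strict'`, the ternary under `sameSite:` is dead logic and the `NODE_ENV` lookup can go: `sameSite: 'strict',`, which also resolves the `// TODO: Check sameSite strict configuration on production` comment added in the first hunk of this file, so that line should be removed rather than left open. Before settling on `strict` for production, confirm the refactored login has no cross-site top-level navigation back into the app (an OAuth/OIDC callback, a link in an e-mail): a strict cookie is not sent on that request, so the user arrives apparently logged out, and `'lax'` is the usual choice when such flows exist. SameSite is also not a replacement for the CSRF protection still marked TODO in AppModule, because any sibling subdomain under the same registrable domain counts as same-site and a flaw there can still forge requests. The value of `secure:` sits between the two hunks and is not visible, so I could not confirm it is true outside development.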
|
||||||
|
|