feature/refactor-login #19
|
@ -36,6 +36,9 @@ export class AppModule {
|
|||
public configure(consumer: MiddlewareConsumer): void {
|
||||
consumer
|
||||
// TODO Redirect via Reverse Proxy all HTTP requests to HTTPS
|
||||
// TODO use env.dev and end.prod
|
||||
// TODO Implement helmet module
|
||||
// TODO Implement CSRF protection -> csurf module
|
||||
.apply(
|
||||
CspMiddleware,
|
||||
SecurityHeadersMiddleware,
|
||||
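Review bot: The TODO block placed between `consumer` and `.apply(` records HTTPS redirection, helmet and CSRF protection as unfinished security work inside production code, and the second item has a typo (`end.prod` for `env.prod`). Gaps recorded only as comments tend to be forgotten; tracking them as issues and keeping one comment that references the tracker, e.g. `// TODO(<tracking-issue>): HTTPS redirect, helmet, CSRF protection`, keeps the chained expression readable. The csurf module named in the last TODO has been deprecated upstream, so a maintained CSRF approach (synchronizer token bound to the session, or double-submit cookie) is a better target. The `.apply(...)` chain continues past the hunk, so the routes these middlewares are applied to are not visible here.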
|
|
|
@ -13,6 +13,13 @@ export class SecurityHeadersMiddleware implements NestMiddleware {
|
|||
'max-age=63072000; includeSubDomains; preload'
|
||||
);
|
||||
}
|
||||
res.setHeader('Referrer-Policy', 'no-referrer');
|
||||
res.setHeader(
|
||||
'Permissions-Policy',
|
||||
'geolocation=(), microphone=(), camera=()'
|
||||
);
|
||||
res.setHeader('X-XSS-Protection', '1; mode=block');
|
||||
|
||||
res.setHeader('X-Content-Type-Options', 'nosniff');
|
||||
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
|
||||
next();
|
||||
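Review bot: `res.setHeader('X-XSS-Protection', '1; mode=block')` enables the legacy browser XSS auditor, which current guidance (MDN, OWASP) recommends disabling: the filter has been removed from modern browsers and in older ones can itself be abused to leak page content, and a CspMiddleware is already in the pipeline, so the CSP is the real control. Change the line to `res.setHeader('X-XSS-Protection', '0');` or drop it. `X-Frame-Options: SAMEORIGIN` is reasonable as a fallback, but a `frame-ancestors` directive in the CSP takes precedence when present, so a one-line comment stating which header is authoritative would help the next maintainer. The enclosing method starts before the hunk, so the condition guarding the HSTS branch that closes at `}` is not visible.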
|
|
|
@ -24,6 +24,7 @@ export class SessionInitService {
|
|||
ttl: 86400,
|
||||
}).connect(this.dataSource.getRepository(Session)),
|
||||
cookie: {
|
||||
// TODO: Check sameSite strict configuration on production
|
||||
maxAge: 86400000,
|
||||
httpOnly: true,
|
||||
secure:
|
||||
|
@ -34,7 +35,7 @@ export class SessionInitService {
|
|||
sameSite:
|
||||
this.configService.get<string>('NODE_ENV') === 'development'
|
||||
? 'strict'
|
||||
: 'none',
|
||||
: 'strict',
|
||||
},
|
||||
});
|
||||
}
|
||||
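Review bot: After this change both branches of the ternary under `sameSite:` evaluate to `'strict'`, so the `NODE_ENV === 'development'` check is dead code; collapse it to `sameSite: 'strict',` unless a different non-development value is actually intended. Note that `strict` also withholds the session cookie on top-level navigations arriving from another site, such as a redirect back from an external identity provider or a link in e-mail, which makes users appear logged out; if the login flow involves such redirects, `'lax'` is the usual compromise, and the TODO added in the earlier hunk (`Check sameSite strict configuration on production`) should be resolved rather than merged as a reminder. The `secure:` expression between the two hunks is not visible, so whether the cookie is marked Secure outside development cannot be confirmed here.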
|
|