Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Modify response header with sails.js for implementing HSTS

Tags:

node.js

express

ssl

sails.js

hsts

I am implementing a nodejs application using sails.js. I want my user to communicate only through https. So for doing that I need to configure my server my way so that with each response it will add a header "Strict-Transport-Security", "max-age=31536000" to tell browser to communicate with HSTS only. Now how I can modify every response header that I am going to send from sails js.I searched the documentation but did not found any help.

like image 442
Muhammad Raihan Muhaimin Avatar asked Feb 05 '14 01:02

Muhammad Raihan Muhaimin

1 Answers

Policies are only applied to the controllers that you explicitly assign them to in config/policies.js.

Instead of using a policy, try adding an express middleware directly in config/express.js, (create the file if it does not already exist). This middleware is applied to ALL controllers. The format is like so:

// config/express.js
"use strict";
exports.express = {
    customMiddleware: function (app) {
        app.use(function hsts(req, res, next) {
            res.setHeader("Strict-Transport-Security", "max-age=31536000");
            next();
        });
    }
}

If you have multiple express custom middleware that you want to use, my advice is to keep each middleware function in its own file. I will provide an example, using your middleware along with an additional middleware that accepts some options.

// config/express.js
"use strict";
var hsts = require('../lib/middleware/hsts');
var staticguard = require('../lib/middleware/staticguard');
exports.express = {
    customMiddleware: function (app) {
        // ordering of middleware matters!
        app.use(hsts);
        app.use(staticguard(/^\/protected\/.*$/));
    }
}

// lib/middleware/hsts.js
"use strict";
module.exports = function hsts(req, res, next) {
    res.setHeader("Strict-Transport-Security", "max-age=31536000");
    next();
}

// lib/middleware/staticguard.js
"use strict";
module.exports = function (regex) {
    return function (req, res, next) {
        if (!regex.test(req.url)) {
            return next();
        }
        res.end('you are not allowed!');
    }
};

If you try to have multiple files export a function on the 'express.customMiddleware' namespace, I believe only the middleWare of the last file loaded will work. I haven't tried it though.

like image 60
Chad Avatar answered Sep 19 '22 05:09

Chad
Sign in to Comment

Related questions

Mock fs.readdir for testing
Trouble installing topojson on ubuntu
NodeJS - How to Download file via Request?
Understanding how to use NodeJS to create a simple backend
Is it possible to search multiple Mongoose models at once?
grunt-typescript doesn't produce js files in specified `dest`
Removing file extension using grunt-contrib-connect and grunt-connect-rewrite
How can I update node.js and install grunt/bower in a python project in Travis CI?
Install(rollback) to older socket.IO version
node.js async.each callback, how do I know when it's done?
How to deal with promises in loop?
Query npm error state in bat file
Does Meteor retain reactivity when using a REST API
sails.js - how can I acess session data in Model hook beforeCreate
Live streaming using FFMPEG to web audio api
Concurrent access to a document with mongoose
How to get html tag attribute values using JavaScript Regular Expressions?
Including JQuery Mobile in a Node JS project with Browserify
How can I run one particular CucumberJS feature using GruntJS?
Playing mp3 on website created with Node.js

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!