siren-lusca

Web application security middleware for koa. This middleware is modified based on lusca.

=====

Usage

var koa = require('koa'),
    app = koa(),
    session = require('koa-generic-session'),
    bodyParser = require('koa-bodyparser'),
    lusca = require('siren-lusca');
 
app.keys = ["abc"];
app.use(session());
app.use(bodyParser());
 
app.use(lusca({
    csrf: true,
    csp: { /* ... */},
    xframe: 'SAMEORIGIN',
    p3p: 'ABCDEF',
    hsts: {maxAge: 31536000, includeSubDomains: true},
    xssProtection: true,
    nocache: true,
    nosniff: {noETag: true},
    ienoopen: true
}));

Setting any value to false will disable it. Alternately, you can opt into methods one by one:

app.use(lusca.csrf());
app.use(lusca.csp({ /* ... */}));
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.p3p('ABCDEF'));
app.use(lusca.hsts({ maxAge: 31536000 }));
app.use(lusca.xssProtection(true));
app.use(lusca.nocache());
app.use(lusca.nosniff({noETag: true}));
app.use(lusca.ienoopen());

Please note that you must ensure the existence of ctx.session.

API

Please refer to lusca or the comments in the source code.

Tests

$ npm test

Coverage

$ npm test-cov
```

siren-lusca

siren-lusca

Usage

API

Tests

Coverage

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Last publish

Collaborators

siren-lusca

siren-lusca

Usage

API

Tests

Coverage

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Last publish

Collaborators

Weekly Downloads