express-blog/src/config/securityConfig.js at ebd04c85085015ed6fd4d9167fdef099c5e63750

Fork: 0

jason / express-blog

Find file

Newer

Older

express-blog / src / config / securityConfig.js

Jason Poage on 27 Feb 929 bytes modified: src/config/securityConfig.js

Raw Blame History

// config/securityConfig.js

const { baseUrl } = require("../utils/baseUrl");

module.exports = {
  LOCALHOST_HOSTNAMES: ["127.0.0.1", "localhost"],
  HEALTHCHECK_METHOD: "HEAD",
  HEALTHCHECK_PATH: "/health",
  FORBIDDEN_MESSAGE: "Forbidden",
  FORBIDDEN_STATUS_CODE: 403,
  HSTS_MAX_AGE: 63072000,
  CSP_DIRECTIVES: {
    defaultSrc: ["'self'", baseUrl],
    scriptSrc: [
      "'self'",
      "https://hcaptcha.com",
      "https://cdn.jsdelivr.net",
      "https://cdnjs.cloudflare.com",
      "https://jigsaw.w3.org",
    ],
    styleSrc: [
      "'self'",
      "https:",
      "'sha256-IFndQX5fbz502m3YOxm0DNm7rM0AXxtuHDGmEwvNjfk='",
    ],
    imgSrc: [
      "'self'",
      "data:",
      "https://licensebuttons.net",
      "https://cdn.jsdelivr.net",
      "https://jigsaw.w3.org",
    ],
    frameSrc: ["'self'", "https://newassets.hcaptcha.com"],
    objectSrc: ["'none'"],
    upgradeInsecureRequests: [],
  },
};