use full helmet() middleware (#135)

fixes #132
Nolan Lawson 2018-04-15 15:39:45 -07:00 committed by GitHub
parent d0cf8cac9e
commit d9ae0666c2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 445 additions and 10 deletions

433
package-lock.json generated

@ -147,6 +147,11 @@
"integrity": "sha1-06ioOzGapneTZisT52HHkRQiMG4=", "integrity": "sha1-06ioOzGapneTZisT52HHkRQiMG4=",
"dev": true "dev": true
}, },
"ansi-html": {
"version": "0.0.7",
"resolved": "https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz",
"integrity": "sha1-gTWEAhliqenm/QOflA0S9WynhZ4="
},
"ansi-regex": { "ansi-regex": {
"version": "2.1.1", "version": "2.1.1",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
@ -2573,6 +2578,11 @@
"randombytes": "2.0.6" "randombytes": "2.0.6"
} }
}, },
"dns-prefetch-control": {
"version": "0.1.0",
"resolved": "https://registry.npmjs.org/dns-prefetch-control/-/dns-prefetch-control-0.1.0.tgz",
"integrity": "sha1-YN20V3dOF48flBXwyrsOhbCzALI="
},
"doctrine": { "doctrine": {
"version": "2.1.0", "version": "2.1.0",
"resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
@ -2625,6 +2635,11 @@
"domelementtype": "1.3.0" "domelementtype": "1.3.0"
} }
}, },
"dont-sniff-mimetype": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.0.0.tgz",
"integrity": "sha1-WTKJDcn04vGeXrAqIAJuXl78j1g="
},
"duplexer": { "duplexer": {
"version": "0.1.1", "version": "0.1.1",
"resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz", "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz",
@ -3294,6 +3309,41 @@
} }
} }
}, },
"expand-range": {
"version": "1.8.2",
"resolved": "https://registry.npmjs.org/expand-range/-/expand-range-1.8.2.tgz",
"integrity": "sha1-opnv/TNf4nIeuujiV+x5ZE/IUzc=",
"requires": {
"fill-range": "2.2.3"
},
"dependencies": {
"fill-range": {
"version": "2.2.3",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-2.2.3.tgz",
"integrity": "sha1-ULd9/X5Gm8dJJHCWNpn+eoSFpyM=",
"requires": {
"is-number": "2.1.0",
"isobject": "2.1.0",
"randomatic": "1.1.7",
"repeat-element": "1.1.2",
"repeat-string": "1.6.1"
}
},
"is-number": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz",
"integrity": "sha1-Afy7s5NGOlSPL0ZszhbezknbkI8=",
"requires": {
"kind-of": "3.2.2"
}
}
}
},
"expect-ct": {
"version": "0.1.0",
"resolved": "https://registry.npmjs.org/expect-ct/-/expect-ct-0.1.0.tgz",
"integrity": "sha1-UnNWeN4YUwiQ2Ne5XwrGNkCVgJQ="
},
"express": { "express": {
"version": "4.16.2", "version": "4.16.2",
"resolved": "https://registry.npmjs.org/express/-/express-4.16.2.tgz", "resolved": "https://registry.npmjs.org/express/-/express-4.16.2.tgz",
@ -3430,6 +3480,11 @@
"resolved": "https://registry.npmjs.org/file-error/-/file-error-0.10.2.tgz", "resolved": "https://registry.npmjs.org/file-error/-/file-error-0.10.2.tgz",
"integrity": "sha1-ljtIuSc7PUuEtADuVxvHixc5cko=" "integrity": "sha1-ljtIuSc7PUuEtADuVxvHixc5cko="
}, },
"filename-regex": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/filename-regex/-/filename-regex-2.0.1.tgz",
"integrity": "sha1-wcS5vuPglyXdsQa3XB4wH+LxiyY="
},
"filereader": { "filereader": {
"version": "0.10.3", "version": "0.10.3",
"resolved": "https://registry.npmjs.org/filereader/-/filereader-0.10.3.tgz", "resolved": "https://registry.npmjs.org/filereader/-/filereader-0.10.3.tgz",
@ -3616,6 +3671,14 @@
"resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz",
"integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=" "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA="
}, },
"for-own": {
"version": "0.1.5",
"resolved": "https://registry.npmjs.org/for-own/-/for-own-0.1.5.tgz",
"integrity": "sha1-UmXGgaTylNq78XyVCbZ2OqhFEM4=",
"requires": {
"for-in": "1.0.2"
}
},
"foreach": { "foreach": {
"version": "2.0.5", "version": "2.0.5",
"resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz", "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz",
@ -3684,6 +3747,11 @@
"map-cache": "0.2.2" "map-cache": "0.2.2"
} }
}, },
"frameguard": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/frameguard/-/frameguard-3.0.0.tgz",
"integrity": "sha1-e8rUae57lukdEs6zlZx4I1qScuk="
},
"fresh": { "fresh": {
"version": "0.5.2", "version": "0.5.2",
"resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
@ -4620,6 +4688,38 @@
"path-is-absolute": "1.0.1" "path-is-absolute": "1.0.1"
} }
}, },
"glob-base": {
"version": "0.3.0",
"resolved": "https://registry.npmjs.org/glob-base/-/glob-base-0.3.0.tgz",
"integrity": "sha1-27Fk9iIbHAscz4Kuoyi0l98Oo8Q=",
"requires": {
"glob-parent": "2.0.0",
"is-glob": "2.0.1"
},
"dependencies": {
"glob-parent": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz",
"integrity": "sha1-gTg9ctsFT8zPUzbaqQLxgvbtuyg=",
"requires": {
"is-glob": "2.0.1"
}
},
"is-extglob": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-1.0.0.tgz",
"integrity": "sha1-rEaBd8SUNAWgkvyPKXYMb/xiBsA="
},
"is-glob": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/is-glob/-/is-glob-2.0.1.tgz",
"integrity": "sha1-0Jb5JqPe1WAPP9/ZEZjLCIjC2GM=",
"requires": {
"is-extglob": "1.0.0"
}
}
}
},
"glob-parent": { "glob-parent": {
"version": "3.1.0", "version": "3.1.0",
"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz",
@ -4798,6 +4898,25 @@
"sntp": "1.0.9" "sntp": "1.0.9"
} }
}, },
"helmet": {
"version": "3.12.0",
"resolved": "https://registry.npmjs.org/helmet/-/helmet-3.12.0.tgz",
"integrity": "sha512-CgkctpvreQLL6X3EL2Igs/92+75ZFIsrob9/Rdwf2hQCBGH/DxLk4xFPxAAl6jYnnus/YXfFEVXHEJf8TJTwlA==",
"requires": {
"dns-prefetch-control": "0.1.0",
"dont-sniff-mimetype": "1.0.0",
"expect-ct": "0.1.0",
"frameguard": "3.0.0",
"helmet-csp": "2.7.0",
"hide-powered-by": "1.0.0",
"hpkp": "2.0.0",
"hsts": "2.1.0",
"ienoopen": "1.0.0",
"nocache": "2.0.0",
"referrer-policy": "1.1.0",
"x-xss-protection": "1.1.0"
}
},
"helmet-csp": { "helmet-csp": {
"version": "2.7.0", "version": "2.7.0",
"resolved": "https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.7.0.tgz", "resolved": "https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.7.0.tgz",
@ -4810,6 +4929,11 @@
"platform": "1.3.5" "platform": "1.3.5"
} }
}, },
"hide-powered-by": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/hide-powered-by/-/hide-powered-by-1.0.0.tgz",
"integrity": "sha1-SoWtZYgfYoV/xwr3F0oRhNzM4ys="
},
"highlight-es": { "highlight-es": {
"version": "1.0.1", "version": "1.0.1",
"resolved": "https://registry.npmjs.org/highlight-es/-/highlight-es-1.0.1.tgz", "resolved": "https://registry.npmjs.org/highlight-es/-/highlight-es-1.0.1.tgz",
@ -4851,11 +4975,26 @@
"resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.5.0.tgz", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.5.0.tgz",
"integrity": "sha512-pNgbURSuab90KbTqvRPsseaTxOJCZBD0a7t+haSN33piP9cCM4l0CqdzAif2hUqm716UovKB2ROmiabGAKVXyg==" "integrity": "sha512-pNgbURSuab90KbTqvRPsseaTxOJCZBD0a7t+haSN33piP9cCM4l0CqdzAif2hUqm716UovKB2ROmiabGAKVXyg=="
}, },
"hpkp": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/hpkp/-/hpkp-2.0.0.tgz",
"integrity": "sha1-EOFCJk52IVpdMMROxD3mTe5tFnI="
},
"hsts": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/hsts/-/hsts-2.1.0.tgz",
"integrity": "sha512-zXhh/DqgrTXJ7erTN6Fh5k/xjMhDGXCqdYN3wvxUvGUQvnxcFfUd8E+6vLg/nk3ss1TYMb+DhRl25fYABioTvA=="
},
"html-comment-regex": { "html-comment-regex": {
"version": "1.1.1", "version": "1.1.1",
"resolved": "https://registry.npmjs.org/html-comment-regex/-/html-comment-regex-1.1.1.tgz", "resolved": "https://registry.npmjs.org/html-comment-regex/-/html-comment-regex-1.1.1.tgz",
"integrity": "sha1-ZouTd26q5V696POtRkswekljYl4=" "integrity": "sha1-ZouTd26q5V696POtRkswekljYl4="
}, },
"html-entities": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/html-entities/-/html-entities-1.2.1.tgz",
"integrity": "sha1-DfKTUfByEWNRXfueVUPl9u7VFi8="
},
"htmlparser2": { "htmlparser2": {
"version": "3.9.2", "version": "3.9.2",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-3.9.2.tgz", "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-3.9.2.tgz",
@ -4983,6 +5122,11 @@
"resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.8.tgz", "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.8.tgz",
"integrity": "sha1-vjPUCsEO8ZJnAfbwii2G+/0a0+Q=" "integrity": "sha1-vjPUCsEO8ZJnAfbwii2G+/0a0+Q="
}, },
"ienoopen": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/ienoopen/-/ienoopen-1.0.0.tgz",
"integrity": "sha1-NGpCj0dKrI9QzzeE6i0PFvYr2ms="
},
"iferr": { "iferr": {
"version": "0.1.5", "version": "0.1.5",
"resolved": "https://registry.npmjs.org/iferr/-/iferr-0.1.5.tgz", "resolved": "https://registry.npmjs.org/iferr/-/iferr-0.1.5.tgz",
@ -5208,6 +5352,19 @@
} }
} }
}, },
"is-dotfile": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/is-dotfile/-/is-dotfile-1.0.3.tgz",
"integrity": "sha1-pqLzL/0t+wT1yiXs0Pa4PPeYoeE="
},
"is-equal-shallow": {
"version": "0.1.3",
"resolved": "https://registry.npmjs.org/is-equal-shallow/-/is-equal-shallow-0.1.3.tgz",
"integrity": "sha1-IjgJj8Ih3gvPpdnqxMRdY4qhxTQ=",
"requires": {
"is-primitive": "2.0.0"
}
},
"is-es2016-keyword": { "is-es2016-keyword": {
"version": "1.0.0", "version": "1.0.0",
"resolved": "https://registry.npmjs.org/is-es2016-keyword/-/is-es2016-keyword-1.0.0.tgz", "resolved": "https://registry.npmjs.org/is-es2016-keyword/-/is-es2016-keyword-1.0.0.tgz",
@ -5319,6 +5476,16 @@
} }
} }
}, },
"is-posix-bracket": {
"version": "0.1.1",
"resolved": "https://registry.npmjs.org/is-posix-bracket/-/is-posix-bracket-0.1.1.tgz",
"integrity": "sha1-MzTceXdDaOkvAW5vvAqI9c1ua8Q="
},
"is-primitive": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/is-primitive/-/is-primitive-2.0.0.tgz",
"integrity": "sha1-IHurkWOEmcB7Kt8kCkGochADRXU="
},
"is-property": { "is-property": {
"version": "1.0.2", "version": "1.0.2",
"resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz", "resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz",
@ -5381,6 +5548,14 @@
"resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
"integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=" "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA="
}, },
"isobject": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz",
"integrity": "sha1-8GVWEJaj8dou9GJy+BXIQNh+DIk=",
"requires": {
"isarray": "1.0.0"
}
},
"isstream": { "isstream": {
"version": "0.1.2", "version": "0.1.2",
"resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz", "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
@ -6192,6 +6367,11 @@
"resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.5.0.tgz", "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.5.0.tgz",
"integrity": "sha512-nJmSswG4As/MkRq7QZFuH/sf/yuv8ODdMZrY4Bedjp77a5MK4A6s7YbBB64c9u79EBUOfXUXBvArmvzTD0X+6g==" "integrity": "sha512-nJmSswG4As/MkRq7QZFuH/sf/yuv8ODdMZrY4Bedjp77a5MK4A6s7YbBB64c9u79EBUOfXUXBvArmvzTD0X+6g=="
}, },
"nocache": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/nocache/-/nocache-2.0.0.tgz",
"integrity": "sha1-ICtIAhoMTL3i34DeFaF0Q8i0OYA="
},
"node-fetch": { "node-fetch": {
"version": "2.1.2", "version": "2.1.2",
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.1.2.tgz", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.1.2.tgz",
@ -6542,6 +6722,15 @@
"es-abstract": "1.10.0" "es-abstract": "1.10.0"
} }
}, },
"object.omit": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/object.omit/-/object.omit-2.0.1.tgz",
"integrity": "sha1-Gpx0SCnznbuFjHbKNXmuKlTr0fo=",
"requires": {
"for-own": "0.1.5",
"is-extendable": "0.1.1"
}
},
"object.pick": { "object.pick": {
"version": "1.3.0", "version": "1.3.0",
"resolved": "https://registry.npmjs.org/object.pick/-/object.pick-1.3.0.tgz", "resolved": "https://registry.npmjs.org/object.pick/-/object.pick-1.3.0.tgz",
@ -6740,6 +6929,32 @@
"pbkdf2": "3.0.14" "pbkdf2": "3.0.14"
} }
}, },
"parse-glob": {
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/parse-glob/-/parse-glob-3.0.4.tgz",
"integrity": "sha1-ssN2z7EfNVE7rdFz7wu246OIORw=",
"requires": {
"glob-base": "0.3.0",
"is-dotfile": "1.0.3",
"is-extglob": "1.0.0",
"is-glob": "2.0.1"
},
"dependencies": {
"is-extglob": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-1.0.0.tgz",
"integrity": "sha1-rEaBd8SUNAWgkvyPKXYMb/xiBsA="
},
"is-glob": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/is-glob/-/is-glob-2.0.1.tgz",
"integrity": "sha1-0Jb5JqPe1WAPP9/ZEZjLCIjC2GM=",
"requires": {
"is-extglob": "1.0.0"
}
}
}
},
"parse-json": { "parse-json": {
"version": "4.0.0", "version": "4.0.0",
"resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz",
@ -7543,6 +7758,11 @@
"resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-1.0.4.tgz", "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-1.0.4.tgz",
"integrity": "sha1-1PRWKwzjaW5BrFLQ4ALlemNdxtw=" "integrity": "sha1-1PRWKwzjaW5BrFLQ4ALlemNdxtw="
}, },
"preserve": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/preserve/-/preserve-0.2.0.tgz",
"integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks="
},
"private": { "private": {
"version": "0.1.8", "version": "0.1.8",
"resolved": "https://registry.npmjs.org/private/-/private-0.1.8.tgz", "resolved": "https://registry.npmjs.org/private/-/private-0.1.8.tgz",
@ -7707,6 +7927,25 @@
"resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-1.1.0.tgz", "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-1.1.0.tgz",
"integrity": "sha1-Q2CxfGETatOAeDl/8RQW4Ybc+7g=" "integrity": "sha1-Q2CxfGETatOAeDl/8RQW4Ybc+7g="
}, },
"randomatic": {
"version": "1.1.7",
"resolved": "https://registry.npmjs.org/randomatic/-/randomatic-1.1.7.tgz",
"integrity": "sha512-D5JUjPyJbaJDkuAazpVnSfVkLlpeO3wDlPROTMLGKG1zMFNFRgrciKo1ltz/AzNTkqE0HzDx655QOL51N06how==",
"requires": {
"is-number": "3.0.0",
"kind-of": "4.0.0"
},
"dependencies": {
"kind-of": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz",
"integrity": "sha1-IIE989cSkosgc3hpGkUGb65y3Vc=",
"requires": {
"is-buffer": "1.1.6"
}
}
}
},
"randombytes": { "randombytes": {
"version": "2.0.6", "version": "2.0.6",
"resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.0.6.tgz", "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.0.6.tgz",
@ -7831,6 +8070,11 @@
"balanced-match": "0.4.2" "balanced-match": "0.4.2"
} }
}, },
"referrer-policy": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/referrer-policy/-/referrer-policy-1.1.0.tgz",
"integrity": "sha1-NXdOtzW/UPtsB46DM0tHI1AgfXk="
},
"regenerate": { "regenerate": {
"version": "1.3.3", "version": "1.3.3",
"resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.3.3.tgz", "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.3.3.tgz",
@ -7853,6 +8097,14 @@
"private": "0.1.8" "private": "0.1.8"
} }
}, },
"regex-cache": {
"version": "0.4.4",
"resolved": "https://registry.npmjs.org/regex-cache/-/regex-cache-0.4.4.tgz",
"integrity": "sha512-nVIZwtCjkC9YgvWkpM55B5rBhBYRZhAaJbgcFYXXsHnbZ9UZI9nnVWYZpBlCqv9ho2eZryPnWrZGsOdPwVWXWQ==",
"requires": {
"is-equal-shallow": "0.1.3"
}
},
"regex-not": { "regex-not": {
"version": "1.0.0", "version": "1.0.0",
"resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.0.tgz", "resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.0.tgz",
@ -7884,6 +8136,14 @@
"jsesc": "0.5.0" "jsesc": "0.5.0"
} }
}, },
"relative": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/relative/-/relative-3.0.2.tgz",
"integrity": "sha1-Dc2OxUpdNaPBXhBFA9ZTdbWlNn8=",
"requires": {
"isobject": "2.1.0"
}
},
"remedial": { "remedial": {
"version": "1.0.7", "version": "1.0.7",
"resolved": "https://registry.npmjs.org/remedial/-/remedial-1.0.7.tgz", "resolved": "https://registry.npmjs.org/remedial/-/remedial-1.0.7.tgz",
@ -7982,6 +8242,11 @@
"resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-1.0.1.tgz", "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-1.0.1.tgz",
"integrity": "sha1-l/cXtp1IeE9fUmpsWqj/3aBVpNE=" "integrity": "sha1-l/cXtp1IeE9fUmpsWqj/3aBVpNE="
}, },
"require-relative": {
"version": "0.8.7",
"resolved": "https://registry.npmjs.org/require-relative/-/require-relative-0.8.7.tgz",
"integrity": "sha1-eZlTn8ngR6N5KPoZb44VY9q9Nt4="
},
"require-uncached": { "require-uncached": {
"version": "1.0.3", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz", "resolved": "https://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz",
@ -8112,6 +8377,158 @@
"truncate-utf8-bytes": "1.0.2" "truncate-utf8-bytes": "1.0.2"
} }
}, },
"sapper": {
"version": "github:nolanlawson/sapper#5069987d7d943edb6649eac06163391b7b54832f",
"requires": {
"chalk": "2.3.2",
"chokidar": "1.7.0",
"escape-html": "1.0.3",
"mkdirp": "0.5.1",
"relative": "3.0.2",
"require-relative": "0.8.7",
"rimraf": "2.6.2",
"webpack": "4.5.0",
"webpack-hot-middleware": "2.21.2"
},
"dependencies": {
"ansi-styles": {
"version": "3.2.1",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
"integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
"requires": {
"color-convert": "1.9.1"
}
},
"anymatch": {
"version": "1.3.2",
"resolved": "https://registry.npmjs.org/anymatch/-/anymatch-1.3.2.tgz",
"integrity": "sha512-0XNayC8lTHQ2OI8aljNCN3sSx6hsr/1+rlcDAotXJR7C1oZZHCNsfpbKwMjRA3Uqb5tF1Rae2oloTr4xpq+WjA==",
"requires": {
"micromatch": "2.3.11",
"normalize-path": "2.1.1"
}
},
"arr-diff": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-2.0.0.tgz",
"integrity": "sha1-jzuCf5Vai9ZpaX5KQlasPOrjVs8=",
"requires": {
"arr-flatten": "1.1.0"
}
},
"array-unique": {
"version": "0.2.1",
"resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz",
"integrity": "sha1-odl8yvy8JiXMcPrc6zalDFiwGlM="
},
"braces": {
"version": "1.8.5",
"resolved": "https://registry.npmjs.org/braces/-/braces-1.8.5.tgz",
"integrity": "sha1-uneWLhLf+WnWt2cR6RS3N4V79qc=",
"requires": {
"expand-range": "1.8.2",
"preserve": "0.2.0",
"repeat-element": "1.1.2"
}
},
"chalk": {
"version": "2.3.2",
"resolved": "https://registry.npmjs.org/chalk/-/chalk-2.3.2.tgz",
"integrity": "sha512-ZM4j2/ld/YZDc3Ma8PgN7gyAk+kHMMMyzLNryCPGhWrsfAuDVeuid5bpRFTDgMH9JBK2lA4dyyAkkZYF/WcqDQ==",
"requires": {
"ansi-styles": "3.2.1",
"escape-string-regexp": "1.0.5",
"supports-color": "5.3.0"
}
},
"chokidar": {
"version": "1.7.0",
"resolved": "https://registry.npmjs.org/chokidar/-/chokidar-1.7.0.tgz",
"integrity": "sha1-eY5ol3gVHIB2tLNg5e3SjNortGg=",
"requires": {
"anymatch": "1.3.2",
"async-each": "1.0.1",
"fsevents": "1.1.3",
"glob-parent": "2.0.0",
"inherits": "2.0.3",
"is-binary-path": "1.0.1",
"is-glob": "2.0.1",
"path-is-absolute": "1.0.1",
"readdirp": "2.1.0"
}
},
"expand-brackets": {
"version": "0.1.5",
"resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-0.1.5.tgz",
"integrity": "sha1-3wcoTjQqgHzXM6xa9yQR5YHRF3s=",
"requires": {
"is-posix-bracket": "0.1.1"
}
},
"extglob": {
"version": "0.3.2",
"resolved": "https://registry.npmjs.org/extglob/-/extglob-0.3.2.tgz",
"integrity": "sha1-Lhj/PS9JqydlzskCPwEdqo2DSaE=",
"requires": {
"is-extglob": "1.0.0"
}
},
"glob-parent": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz",
"integrity": "sha1-gTg9ctsFT8zPUzbaqQLxgvbtuyg=",
"requires": {
"is-glob": "2.0.1"
}
},
"has-flag": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
"integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0="
},
"is-extglob": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-1.0.0.tgz",
"integrity": "sha1-rEaBd8SUNAWgkvyPKXYMb/xiBsA="
},
"is-glob": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/is-glob/-/is-glob-2.0.1.tgz",
"integrity": "sha1-0Jb5JqPe1WAPP9/ZEZjLCIjC2GM=",
"requires": {
"is-extglob": "1.0.0"
}
},
"micromatch": {
"version": "2.3.11",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-2.3.11.tgz",
"integrity": "sha1-hmd8l9FyCzY0MdBNDRUpO9OMFWU=",
"requires": {
"arr-diff": "2.0.0",
"array-unique": "0.2.1",
"braces": "1.8.5",
"expand-brackets": "0.1.5",
"extglob": "0.3.2",
"filename-regex": "2.0.1",
"is-extglob": "1.0.0",
"is-glob": "2.0.1",
"kind-of": "3.2.2",
"normalize-path": "2.1.1",
"object.omit": "2.0.1",
"parse-glob": "3.0.4",
"regex-cache": "0.4.4"
}
},
"supports-color": {
"version": "5.3.0",
"resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.3.0.tgz",
"integrity": "sha512-0aP01LLIskjKs3lq52EC0aGBAJhLq7B2Rd8HC/DR/PtNNpcLilNmHC12O+hu0usQpo7wtHNRqtrhBwtDb0+dNg==",
"requires": {
"has-flag": "3.0.0"
}
}
}
},
"sass-graph": { "sass-graph": {
"version": "2.2.4", "version": "2.2.4",
"resolved": "https://registry.npmjs.org/sass-graph/-/sass-graph-2.2.4.tgz", "resolved": "https://registry.npmjs.org/sass-graph/-/sass-graph-2.2.4.tgz",
@ -10503,6 +10920,17 @@
} }
} }
}, },
"webpack-hot-middleware": {
"version": "2.21.2",
"resolved": "https://registry.npmjs.org/webpack-hot-middleware/-/webpack-hot-middleware-2.21.2.tgz",
"integrity": "sha512-N5c80o31E0COFJV8HRjiX3hJetDOwQ2Ajt5TTORKA9diOimhFtmaZKSfO3pQKMeQngb7I4TUnNDroJiUzPFhKQ==",
"requires": {
"ansi-html": "0.0.7",
"html-entities": "1.2.1",
"querystring": "0.2.0",
"strip-ansi": "3.0.1"
}
},
"webpack-sources": { "webpack-sources": {
"version": "1.1.0", "version": "1.1.0",
"resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-1.1.0.tgz", "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-1.1.0.tgz",
@ -10658,6 +11086,11 @@
"safe-buffer": "5.1.1" "safe-buffer": "5.1.1"
} }
}, },
"x-xss-protection": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/x-xss-protection/-/x-xss-protection-1.1.0.tgz",
"integrity": "sha512-rx3GzJlgEeZ08MIcDsU2vY2B1QEriUKJTSiNHHUIem6eg9pzVOr2TL3Y4Pd6TMAM5D5azGjcxqI62piITBDHVg=="
},
"xml2js": { "xml2js": {
"version": "0.4.19", "version": "0.4.19",
"resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz", "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz",


@ -49,7 +49,7 @@
"font-awesome-svg-png": "^1.2.2", "font-awesome-svg-png": "^1.2.2",
"form-data": "^2.3.2", "form-data": "^2.3.2",
"glob": "^7.1.2", "glob": "^7.1.2",
"helmet-csp": "^2.7.0", "helmet": "^3.12.0",
"indexeddb-getall-shim": "^1.3.1", "indexeddb-getall-shim": "^1.3.1",
"intersection-observer": "^0.5.0", "intersection-observer": "^0.5.0",
"lodash": "^4.17.5", "lodash": "^4.17.5",


@ -3,7 +3,7 @@ const compression = require('compression')
const sapper = require('sapper') const sapper = require('sapper')
const serveStatic = require('serve-static') const serveStatic = require('serve-static')
const app = express() const app = express()
const csp = require('helmet-csp') const helmet = require('helmet')
const headScriptChecksum = require('./inline-script-checksum').checksum const headScriptChecksum = require('./inline-script-checksum').checksum
@ -18,7 +18,8 @@ global.fetch = (url, opts) => {
app.use(compression({ threshold: 0 })) app.use(compression({ threshold: 0 }))
app.use(csp({ app.use(helmet({
contentSecurityPolicy: {
directives: { directives: {
scriptSrc: [`'self'`, `'sha256-${headScriptChecksum}'`], scriptSrc: [`'self'`, `'sha256-${headScriptChecksum}'`],
workerSrc: [`'self'`], workerSrc: [`'self'`],
@ -27,6 +28,7 @@ app.use(csp({
objectSrc: [`'none'`], objectSrc: [`'none'`],
manifestSrc: [`'self'`] manifestSrc: [`'self'`]
} }
}
})) }))
app.use(serveStatic('assets', { app.use(serveStatic('assets', {
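Review bot: The options object passed to `helmet({` names only `contentSecurityPolicy`, so every other header the server now sends comes from the library's defaults for the locked 3.12.0 release and can change without notice on an upgrade. As far as I know helmet 3.x turns on HSTS, frameguard, noSniff and the other basic headers by default but leaves `referrerPolicy` off, even though `referrer-policy` is now in the lockfile; if "full helmet" is meant to include it, add `referrerPolicy: { policy: 'no-referrer' },` (or whichever policy the app needs) next to `contentSecurityPolicy`. I would also put a comment above the call, for example `// all other helmet middleware run with library defaults; CSP is the only customised policy`, and add a test that asserts the response headers the server is expected to send. The `directives` object continues between the two hunks, so the complete CSP is not visible here.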