import type { FastifyReply } from "fastify";
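/**
 * Static helpers for the response headers this service attaches to its replies.
 *
 * The class is abstract and exposes only static members, so it is used as a
 * namespace and is never instantiated.
 */
export default abstract class HeaderUtility {
  /**
   * Default header set applied by {@link HeaderUtility.AddBakedHeaders} and used
   * as the base layer in {@link HeaderUtility.CombineHeaders}.
   *
   * This object is public and mutable: any code that writes to it changes the
   * defaults for every later reply.
   */
  public static BakedHeaders = {
    // Custom identification values, not security controls.
    "x-powered-by": "EUS",
    "rel": "cute",
    // HSTS for one year, covering subdomains. Browsers only honour it over HTTPS.
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    // NOTE(review): legacy header. The XSS auditor it controlled has been removed
    // from current browsers, and current OWASP guidance is to send "0" or omit it.
    // Value kept as the author set it.
    "X-XSS-Protection": "1; mode=block",
    // Disables the listed browser features for this origin and embedded frames.
    "Permissions-Policy": "microphone=(), geolocation=(), magnetometer=(), camera=(), payment=(), usb=(), accelerometer=(), gyroscope=()",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    // NOTE(review): this policy restricts framing and mixed content only. It has
    // no default-src/script-src, so it places no limit on script sources.
    // block-all-mixed-content is a deprecated directive.
    "Content-Security-Policy": "block-all-mixed-content;frame-ancestors 'self'",
    // Legacy equivalent of frame-ancestors 'self' for browsers without CSP support.
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff"
  };

  /**
   * Sets every baked header on the given reply in one call.
   *
   * @param res - Fastify reply to attach the baked headers to.
   */
  public static AddBakedHeaders(res: FastifyReply): void {
    res.headers(this.BakedHeaders);
  }

  /**
   * Builds a new header object from the baked headers plus caller-supplied ones.
   *
   * Caller-supplied entries take precedence, including over the baked security
   * headers, so the argument should come from trusted code and not directly
   * from request data.
   *
   * HTTP header names are case-insensitive. A caller entry whose name differs
   * from a baked name only in letter case replaces the baked entry instead of
   * sitting beside it, so the result never carries two conflicting values for
   * one header.
   *
   * @param headers - Extra headers keyed by name; `null`/`undefined` yields a
   *   copy of the baked headers. Typed `any` to stay compatible with existing
   *   callers.
   * @returns A fresh object; `BakedHeaders` itself is not modified.
   */
  public static CombineHeaders(headers: any): any {
    const merged: Record<string, any> = { ...this.BakedHeaders };

    // Lower-cased name -> spelling currently used as the key in `merged`.
    const spellingByName = new Map<string, string>();
    for (const name of Object.keys(merged)) {
      spellingByName.set(name.toLowerCase(), name);
    }

    for (const [name, value] of Object.entries(headers ?? {})) {
      const folded = name.toLowerCase();
      const existing = spellingByName.get(folded);
      // Drop the shadowed entry when the override uses a different spelling.
      if (existing !== undefined && existing !== name) {
        delete merged[existing];
      }
      merged[name] = value;
      spellingByName.set(folded, name);
    }

    return merged;
  }
}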