- renamings to the new naming convetion for adonisjs version 6

- npm updates
2024-04-29 11:25:50 +02:00 · 2024-04-29 11:25:50 +02:00 · a29865b781
commit a29865b781
parent bee76f8d5b
53 changed files with 701 additions and 731 deletions
--- a/config/shield.ts
+++ b/config/shield.ts
@ -1,134 +1,51 @@
-import { defineConfig } from '@adonisjs/shield';
+import { defineConfig } from '@adonisjs/shield'

-export default defineConfig({
-    csp: {
-        /*
-  |--------------------------------------------------------------------------
-  | Enable/disable CSP
-  |--------------------------------------------------------------------------
-  |
-  | The CSP rules are disabled by default for seamless onboarding.
-  |
-  */
-        enabled: false,
+const shieldConfig = defineConfig({
+  /**
+   * Configure CSP policies for your app. Refer documentation
+   * to learn more
+   */
+  csp: {
+    enabled: false,
+    directives: {},
+    reportOnly: false,
+  },

-        /*
-  |--------------------------------------------------------------------------
-  | Directives
-  |--------------------------------------------------------------------------
-  |
-  | All directives are defined in camelCase and here is the list of
-  | available directives and their possible values.
-  |
-  | https://content-security-policy.com
-  |
-  | @example
-  | directives: {
-  |   defaultSrc: ["'self'", '@nonce', 'cdnjs.cloudflare.com']
-  | }
-  |
-  */
-        directives: {},
+  /**
+   * Configure CSRF protection options. Refer documentation
+   * to learn more
+   */
+  csrf: {
+    enabled: true,
+    exceptRoutes: [],
+    enableXsrfCookie: true,
+    methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
+  },

-        /*
-  |--------------------------------------------------------------------------
-  | Report only
-  |--------------------------------------------------------------------------
-  |
-  | Setting `reportOnly=true` will not block the scripts from running and
-  | instead report them to a URL.
-  |
-  */
-        reportOnly: false,
-    },
-    csrf: {
-        /*
-  |--------------------------------------------------------------------------
-  | Enable/Disable CSRF
-  |--------------------------------------------------------------------------
-  */
-        enabled: true,
+  /**
+   * Control how your website should be embedded inside
+   * iFrames
+   */
+  xFrame: {
+    enabled: true,
+    action: 'DENY',
+  },

-        /*
-  |--------------------------------------------------------------------------
-  | Routes to Ignore
-  |--------------------------------------------------------------------------
-  |
-  | Define an array of route patterns that you want to ignore from CSRF
-  | validation. Make sure the route patterns are started with a leading
-  | slash. Example:
-  |
-  | `/foo/bar`
-    |
-    | Also you can define a function that is evaluated on every HTTP Request.
-    | ```
-    |  exceptRoutes: ({ request }) => request.url().includes('/api')
-    | ```
-  |
-  */
-        exceptRoutes: [],
+  /**
+   * Force browser to always use HTTPS
+   */
+  hsts: {
+    enabled: true,
+    maxAge: '180 days',
+  },

-        /*
-  |--------------------------------------------------------------------------
-  | Enable Sharing Token Via Cookie
-  |--------------------------------------------------------------------------
-  |
-  | When the following flag is enabled, AdonisJS will drop `XSRF-TOKEN`
-  | cookie that frontend frameworks can read and return back as a
-  | `X-XSRF-TOKEN` header.
-  |
-  | The cookie has `httpOnly` flag set to false, so it is little insecure and
-  | can be turned off when you are not using a frontend framework making
-  | AJAX requests.
-  |
-  */
-        enableXsrfCookie: true,
+  /**
+   * Disable browsers from sniffing the content type of a
+   * response and always rely on the "content-type" header.
+   */
+  contentTypeSniffing: {
+    enabled: true,
+  },
+})

-        /*
-  |--------------------------------------------------------------------------
-  | Methods to Validate
-  |--------------------------------------------------------------------------
-  |
-  | Define an array of HTTP methods to be validated for a valid CSRF token.
-  |
-  */
-        methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
-    },
-    hsts: {
-        enabled: true,
-        /*
-  |--------------------------------------------------------------------------
-  | Max Age
-  |--------------------------------------------------------------------------
-  |
-  | Control, how long the browser should remember that a site is only to be
-  | accessed using HTTPS.
-  |
-  */
-        maxAge: '180 days',
-
-        /*
-  |--------------------------------------------------------------------------
-  | Include Subdomains
-  |--------------------------------------------------------------------------
-  |
-  | Apply rules on the subdomains as well.
-  |
-  */
-        includeSubDomains: true,
-
-        /*
-  |--------------------------------------------------------------------------
-  | Preloading
-  |--------------------------------------------------------------------------
-  |
-  | Google maintains a service to register your domain and it will preload
-  | the HSTS policy. Learn more https://hstspreload.org/
-  |
-  */
-        preload: false,
-    },
-    contentTypeSniffing: {
-        enabled: true,
-    },
-});
+export default shieldConfig