- update to AdonisJS 6
Some checks failed
CI Pipeline / japa-tests (push) Failing after 1m15s

Kaimbacher 2024-03-14 20:25:27 +01:00
parent f828ca4491
commit cb51a4136f
167 changed files with 21485 additions and 21212 deletions


@ -1,24 +1,8 @@
/**
* Config source: https://git.io/Jvwvt
*
* Feel free to let us know via PR, if you find something broken in this config
* file.
*/
import { defineConfig } from '@adonisjs/shield';
// import Env from '@ioc:Adonis/Core/Env'
import { ShieldConfig } from '@ioc:Adonis/Addons/Shield';
/*
|--------------------------------------------------------------------------
| Content Security Policy
|--------------------------------------------------------------------------
|
| Content security policy filters out the origins not allowed to execute
| and load resources like scripts, styles and fonts. There are wide
| variety of options to choose from.
*/
export const csp: ShieldConfig['csp'] = {
/*
export default defineConfig({
csp: {
/*
|--------------------------------------------------------------------------
| Enable/disable CSP
|--------------------------------------------------------------------------
@ -26,9 +10,9 @@ export const csp: ShieldConfig['csp'] = {
| The CSP rules are disabled by default for seamless onboarding.
|
*/
enabled: false,
enabled: false,
/*
/*
|--------------------------------------------------------------------------
| Directives
|--------------------------------------------------------------------------
@ -44,9 +28,9 @@ export const csp: ShieldConfig['csp'] = {
| }
|
*/
directives: {},
directives: {},
/*
/*
|--------------------------------------------------------------------------
| Report only
|--------------------------------------------------------------------------
@ -55,27 +39,17 @@ export const csp: ShieldConfig['csp'] = {
| instead report them to a URL.
|
*/
reportOnly: false,
};
/*
|--------------------------------------------------------------------------
| CSRF Protection
|--------------------------------------------------------------------------
|
| CSRF Protection adds another layer of security by making sure, actionable
| routes does have a valid token to execute an action.
|
*/
export const csrf: ShieldConfig['csrf'] = {
/*
reportOnly: false,
},
csrf: {
/*
|--------------------------------------------------------------------------
| Enable/Disable CSRF
|--------------------------------------------------------------------------
*/
enabled: true,
enabled: true,
/*
/*
|--------------------------------------------------------------------------
| Routes to Ignore
|--------------------------------------------------------------------------
@ -85,16 +59,16 @@ export const csrf: ShieldConfig['csrf'] = {
| slash. Example:
|
| `/foo/bar`
|
| Also you can define a function that is evaluated on every HTTP Request.
| ```
| exceptRoutes: ({ request }) => request.url().includes('/api')
| ```
|
| Also you can define a function that is evaluated on every HTTP Request.
| ```
| exceptRoutes: ({ request }) => request.url().includes('/api')
| ```
|
*/
exceptRoutes: [],
exceptRoutes: [],
/*
/*
|--------------------------------------------------------------------------
| Enable Sharing Token Via Cookie
|--------------------------------------------------------------------------
@ -108,9 +82,9 @@ export const csrf: ShieldConfig['csrf'] = {
| AJAX requests.
|
*/
enableXsrfCookie: true,
enableXsrfCookie: true,
/*
/*
|--------------------------------------------------------------------------
| Methods to Validate
|--------------------------------------------------------------------------
@ -118,76 +92,11 @@ export const csrf: ShieldConfig['csrf'] = {
| Define an array of HTTP methods to be validated for a valid CSRF token.
|
*/
methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
};
/*
|--------------------------------------------------------------------------
| DNS Prefetching
|--------------------------------------------------------------------------
|
| DNS prefetching allows browsers to proactively perform domain name
| resolution in background.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
|
*/
export const dnsPrefetch: ShieldConfig['dnsPrefetch'] = {
/*
|--------------------------------------------------------------------------
| Enable/disable this feature
|--------------------------------------------------------------------------
*/
enabled: true,
/*
|--------------------------------------------------------------------------
| Allow or Dis-Allow Explicitly
|--------------------------------------------------------------------------
|
| The `enabled` boolean does not set `X-DNS-Prefetch-Control` header. However
| the `allow` boolean controls the value of `X-DNS-Prefetch-Control` header.
|
| - When `allow = true`, then `X-DNS-Prefetch-Control = 'on'`
| - When `allow = false`, then `X-DNS-Prefetch-Control = 'off'`
|
*/
allow: true,
};
/*
|--------------------------------------------------------------------------
| Iframe Options
|--------------------------------------------------------------------------
|
| xFrame defines whether or not your website can be embedded inside an
| iframe. Choose from one of the following options.
|
| - DENY
| - SAMEORIGIN
| - ALLOW-FROM http://example.com
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
*/
export const xFrame: ShieldConfig['xFrame'] = {
enabled: true,
action: 'DENY',
};
/*
|--------------------------------------------------------------------------
| Http Strict Transport Security
|--------------------------------------------------------------------------
|
| A security to ensure that a browser always makes a connection over
| HTTPS.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
|
*/
export const hsts: ShieldConfig['hsts'] = {
enabled: true,
/*
methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
},
hsts: {
enabled: true,
/*
|--------------------------------------------------------------------------
| Max Age
|--------------------------------------------------------------------------
@ -196,9 +105,9 @@ export const hsts: ShieldConfig['hsts'] = {
| accessed using HTTPS.
|
*/
maxAge: '180 days',
maxAge: '180 days',
/*
/*
|--------------------------------------------------------------------------
| Include Subdomains
|--------------------------------------------------------------------------
@ -206,9 +115,9 @@ export const hsts: ShieldConfig['hsts'] = {
| Apply rules on the subdomains as well.
|
*/
includeSubDomains: true,
includeSubDomains: true,
/*
/*
|--------------------------------------------------------------------------
| Preloading
|--------------------------------------------------------------------------
@ -217,21 +126,9 @@ export const hsts: ShieldConfig['hsts'] = {
| the HSTS policy. Learn more https://hstspreload.org/
|
*/
preload: false,
};
/*
|--------------------------------------------------------------------------
| No Sniff
|--------------------------------------------------------------------------
|
| Browsers have a habit of sniffing content-type of a response. Which means
| files with .txt extension containing Javascript code will be executed as
| Javascript. You can disable this behavior by setting nosniff to false.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
*/
export const contentTypeSniffing: ShieldConfig['contentTypeSniffing'] = {
enabled: true,
};
preload: false,
},
contentTypeSniffing: {
enabled: true,
},
});
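Review bot: The new `defineConfig({ ... })` object appears to have no `xFrame` entry. The old `export const xFrame` block (`enabled: true, action: 'DENY'`) is printed only once, in the `-118,76 +92,11` hunk, and nothing on the visible new side replaces it. Whether `X-Frame-Options: DENY` is still sent now depends on the defaults `defineConfig` applies, which this page does not show. I would keep the setting explicit next to `hsts`, e.g. `xFrame: { enabled: true, action: 'DENY' },`, so the anti-framing policy is visible in the config and does not change silently with a library default. The same hunk also drops the `dnsPrefetch` block, so it is worth confirming that this is intended for the new Shield version.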