//CSP RELATED FUNCTIONS
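/*
 * Configure and return the content-security-policy middleware.
 *
 * cspopt: directive map handed to csp.getCSP(); it is MUTATED in place
 *         ("report-uri" and "report-only" are set here).
 * opt:    app options; reads proxyPrefix, reportRoute and cspReportOnly.
 * env:    environment name, compared against 'testing' / 'development'.
 * Returns the middleware produced by csp.getCSP(cspopt).
 */
function useCSP(cspopt, opt, env){
	// Violation reports are posted back to the app behind the proxy prefix.
	cspopt["report-uri"] = opt["proxyPrefix"] + opt["reportRoute"];
	cspopt["report-only"] = opt["cspReportOnly"];
	console.log("CSP: using following configuration:");
	console.log(util.inspect(cspopt));
	// Report-only mode only reports violations, it never blocks them, so
	// warn whenever it is enabled outside the two non-production envs.
	// The condition must be `&&`: `!== A || !== B` is true for every env,
	// which made the warning fire (and the check meaningless) everywhere.
	if(opt["cspReportOnly"] && env !== 'testing' && env !== 'development'){
		console.log("WARNING: CSP report-only mode on! This is NOT recommended in a production environment!");
	}
	return csp.getCSP(cspopt);
}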
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var config = require('../shopXX-ierg4210.config.js');
//var expressValidator = require('express-validator');

var csp = require('content-security-policy');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var csrf = require('csurf');
// Policy object handed to content-security-policy's getCSP() below.
// NOTE(review): these keys are response-header names, while the useCSP()
// helper in example 1 keys the same kind of options object by CSP
// directive ("report-uri"). If getCSP() expects directive keys such as
// 'default-src', these three entries would be emitted as unknown
// directives and the header would restrict nothing — verify the
// Content-Security-Policy header the app actually sends.
// The bare host source 127.0.0.1 presumably exists for local development;
// confirm it is not shipped to production.
var cspPolicy = {
    'Content-Security-Policy': "default-src 'self' 127.0.0.1",
    'X-Content-Security-Policy': "default-src 'self' 127.0.0.1",
    'X-WebKit-CSP': "default-src 'self' 127.0.0.1",
};

// Middleware that sets the CSP header(s) on every response routed through `app`.
var globalCSP = csp.getCSP(cspPolicy);

var app = express.Router();

// CSP is mounted router-wide; csrfProtection and parseForm are only created
// here and are not mounted with app.use() in this snippet, so individual
// routes have to apply them explicitly.
app.use(globalCSP);
// csurf in cookie mode keeps its secret in a cookie instead of the session,
// so it depends on cookieParser() (mounted below) running before it.
var csrfProtection = csrf({ cookie: true });
// Parses application/x-www-form-urlencoded bodies; extended: false yields
// flat key/value pairs only (no nested objects).
var parseForm = bodyParser.urlencoded({ extended: false });
app.use(cookieParser());

// Database connection pool for config.dbURI (2..10 connections).
var pool = anyDB.createPool(config.dbURI, {
	min: 2, max: 10
});

app.use(session({
//	store:new RedisStore({
//        host:'127.0.0.1',