From 067592df50dde0681017dd7ceee3ad2322c2b49b Mon Sep 17 00:00:00 2001
From: tenthirtyone
Date: Tue, 22 Aug 2017 01:44:51 -0400
Subject: [PATCH] helmet and static expires header
---
 server/lib/api/index.js | 16 +++-------------
 server/package.json | 1 +
 2 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/server/lib/api/index.js b/server/lib/api/index.js
index 0a1caf1..27692f6 100644
--- a/server/lib/api/index.js
+++ b/server/lib/api/index.js
@@ -1,29 +1,19 @@
 const express = require('express');
 const config = require('../../config');
 const bodyParser = require('body-parser');
+const helmet = require('helmet');
 const app = express();
 const api = express.Router();
 const cors = require('./cors');
 app.use(cors);
+app.use(helmet());
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(bodyParser.json());
 // Serve insight ui front end from root dir public folder
-app.use(express.static('../app/www'));
-app.use('/:stuff', express.static('../app/www'));
-app.use('/blocks', express.static('../app/www'));
-app.use('/blocks/:blockhash', express.static('../app/www'));
-app.use('/block-index', express.static('../app/www'));
-app.use('/block-index/:height', express.static('../app/www'));
-app.use('/blocks-date/:date', express.static('../app/www'));
-app.use('/block/:blockhash', express.static('../app/www'));
-app.use('/tx/:txid', express.static('../app/www'));
-app.use('/address/:addr', express.static('../app/www'));
-app.use('/status', express.static('../app/www'));
-app.use('/status/:stuff', express.static('../app/www'));
-app.use('/status/:stuff', express.static('../app/www'));
+app.use(express.static('../app/www', { maxage: '1w' }));
 app.set('json spaces', config.api.json_spaces);
diff --git a/server/package.json b/server/package.json
index 7a31453..acdc50d 100644
--- a/server/package.json
+++ b/server/package.json
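Review bot: In server/lib/api/index.js, the `'1w'` value on the new `express.static` line may never take effect: as far as I can tell the `ms` parser that Express 4.15 pulls in through `send` has no week unit, and an unparsable duration falls back to `max-age=0`, so the expires header this commit is named for would silently be missing. `app.use(express.static('../app/www', { maxAge: '7d' }));` sidesteps that and uses the documented option spelling. The root `'../app/www'` is still resolved against the process working directory rather than this file, so the directory that gets exposed depends on where the server is launched; building it from `__dirname` would pin it. On the `app.use(helmet());` line, the defaults of helmet 3.x do not include a Content-Security-Policy, so the UI served here gets none unless `helmet.contentSecurityPolicy` is configured explicitly, and a short comment naming the headers that are expected would help the next reader.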
@@ -17,6 +17,7 @@
 "bitcore-message": "^1.0.4",
 "body-parser": "^1.17.2",
 "express": "^4.15.3",
+ "helmet": "^3.8.1",
 "mongoose": "^4.11.5",
 "request": "^2.81.0",
 "socket.io": "^2.0.3",