nodebb/src/middleware/headers.js

'use strict';


var _ = require('underscore');

var meta = require('../meta');

module.exports = function (middleware) {

	middleware.addHeaders = function (req, res, next) {
		var defaults = {
			'X-Powered-By': 'NodeBB',
			'X-Frame-Options': 'SAMEORIGIN',
			'Access-Control-Allow-Origin': 'null'	// yes, string null.
		};
		var headers = {
			'X-Powered-By': encodeURI(meta.config['powered-by']),
			'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : undefined,
			'Access-Control-Allow-Origin': encodeURI(meta.config['access-control-allow-origin']),
			'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods']),
			'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'])
		};

		_.defaults(headers, defaults);
		headers = _.pick(headers, Boolean);		// Remove falsy headers

		for (var key in headers) {
			if (headers.hasOwnProperty(key)) {
				res.setHeader(key, headers[key]);
			}
		}

		next();
	};

	middleware.addExpiresHeaders = function (req, res, next) {
		if (req.app.enabled('cache')) {
			res.setHeader("Cache-Control", "public, max-age=5184000");
			res.setHeader("Expires", new Date(Date.now() + 5184000000).toUTCString());
		} else {
			res.setHeader("Cache-Control", "public, max-age=0");
			res.setHeader("Expires", new Date().toUTCString());
		}

		next();
	};

};
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`'use strict';`


			`var _ = require('underscore');`

encodeURIComponent header values 8 years ago			`var meta = require('../meta');`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago
Fix space-before-function-paren linter rule 8 years ago			`module.exports = function (middleware) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago
			`middleware.addHeaders = function (req, res, next) {`
			`var defaults = {`
			`'X-Powered-By': 'NodeBB',`
			`'X-Frame-Options': 'SAMEORIGIN',`
			`'Access-Control-Allow-Origin': 'null' // yes, string null.`
			`};`
			`var headers = {`
fixes #5230 8 years ago			`'X-Powered-By': encodeURI(meta.config['powered-by']),`
			`'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : undefined,`
			`'Access-Control-Allow-Origin': encodeURI(meta.config['access-control-allow-origin']),`
			`'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods']),`
			`'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'])`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`};`

			`_.defaults(headers, defaults);`
			`headers = _.pick(headers, Boolean); // Remove falsy headers`

encodeURIComponent header values 8 years ago			`for (var key in headers) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`if (headers.hasOwnProperty(key)) {`
fixes #5230 8 years ago			`res.setHeader(key, headers[key]);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`}`
			`}`

			`next();`
			`};`

Fix space-before-function-paren linter rule 8 years ago			`middleware.addExpiresHeaders = function (req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`if (req.app.enabled('cache')) {`
			`res.setHeader("Cache-Control", "public, max-age=5184000");`
			`res.setHeader("Expires", new Date(Date.now() + 5184000000).toUTCString());`
			`} else {`
			`res.setHeader("Cache-Control", "public, max-age=0");`
			`res.setHeader("Expires", new Date().toUTCString());`
			`}`

			`next();`
			`};`

			`};`