1 files changed, 0 insertions, 144 deletions
diff --git a/config/shield.js b/config/shield.js
deleted file mode 100644
index 9849d29..0000000
--- a/config/shield.js
+++ /dev/null
@@ -1,144 +0,0 @@
-module.exports = {
-  /*
-  |--------------------------------------------------------------------------
-  | Content Security Policy
-  |--------------------------------------------------------------------------
-  |
-  | Content security policy filters out the origins not allowed to execute
-  | and load resources like scripts, styles and fonts. There are wide
-  | variety of options to choose from.
-  */
-  csp: {
-    /*
-    |--------------------------------------------------------------------------
-    | Directives
-    |--------------------------------------------------------------------------
-    |
-    | All directives are defined in camelCase and here is the list of
-    | available directives and their possible values.
-    |
-    | https://content-security-policy.com
-    |
-    | @example
-    | directives: {
-    |   defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
-    | }
-    |
-    */
-    directives: {
-    },
-    /*
-    |--------------------------------------------------------------------------
-    | Report only
-    |--------------------------------------------------------------------------
-    |
-    | Setting `reportOnly=true` will not block the scripts from running and
-    | instead report them to a URL.
-    |
-    */
-    reportOnly: false,
-    /*
-    |--------------------------------------------------------------------------
-    | Set all headers
-    |--------------------------------------------------------------------------
-    |
-    | Headers staring with `X` have been depreciated, since all major browsers
-    | supports the standard CSP header. So its better to disable deperciated
-    | headers, unless you want them to be set.
-    |
-    */
-    setAllHeaders: false,
-    /*
-    |--------------------------------------------------------------------------
-    | Disable on android
-    |--------------------------------------------------------------------------
-    |
-    | Certain versions of android are buggy with CSP policy. So you can set
-    | this value to true, to disable it for Android versions with buggy
-    | behavior.
-    |
-    | Here is an issue reported on a different package, but helpful to read
-    | if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
-    |
-    */
-    disableAndroid: true,
-  },
-  /*
-  |--------------------------------------------------------------------------
-  | X-XSS-Protection
-  |--------------------------------------------------------------------------
-  |
-  | X-XSS Protection saves from applications from XSS attacks. It is adopted
-  | by IE and later followed by some other browsers.
-  |
-  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
-  |
-  */
-  xss: {
-    enabled: true,
-    enableOnOldIE: false,
-  },
-  /*
-  |--------------------------------------------------------------------------
-  | Iframe Options
-  |--------------------------------------------------------------------------
-  |
-  | xframe defines whether or not your website can be embedded inside an
-  | iframe. Choose from one of the following options.
-  | @available options
-  | DENY, SAMEORIGIN, ALLOW-FROM http://example.com
-  |
-  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-  */
-  xframe: 'DENY',
-  /*
-  |--------------------------------------------------------------------------
-  | No Sniff
-  |--------------------------------------------------------------------------
-  |
-  | Browsers have a habit of sniffing content-type of a response. Which means
-  | files with .txt extension containing Javascript code will be executed as
-  | Javascript. You can disable this behavior by setting nosniff to false.
-  |
-  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-  |
-  */
-  nosniff: true,
-  /*
-  |--------------------------------------------------------------------------
-  | No Open
-  |--------------------------------------------------------------------------
-  |
-  | IE users can execute webpages in the context of your website, which is
-  | a serious security risk. Below option will manage this for you.
-  |
-  */
-  noopen: true,
-  /*
-  |--------------------------------------------------------------------------
-  | CSRF Protection
-  |--------------------------------------------------------------------------
-  |
-  | CSRF Protection adds another layer of security by making sure, actionable
-  | routes does have a valid token to execute an action.
-  |
-  */
-  csrf: {
-    enable: true,
-    methods: ['POST', 'PUT', 'DELETE'],
-    filterUris: [],
-    cookieOptions: {
-      httpOnly: true,
-      sameSite: true,
-      path: '/',
-      maxAge: 7200,
-    },
-  },
-};

diff --git a/config/shield.js b/config/shield.js deleted file mode 100644 index 9849d29..0000000 --- a/config/shield.js +++ /dev/null
@@ -1,144 +0,0 @@
1
2	module.exports = {
3	/*
4	\|--------------------------------------------------------------------------
5	\| Content Security Policy
6	\|--------------------------------------------------------------------------
7	\|
8	\| Content security policy filters out the origins not allowed to execute
9	\| and load resources like scripts, styles and fonts. There are wide
10	\| variety of options to choose from.
11	*/
12	csp: {
13	/*
14	\|--------------------------------------------------------------------------
15	\| Directives
16	\|--------------------------------------------------------------------------
17	\|
18	\| All directives are defined in camelCase and here is the list of
19	\| available directives and their possible values.
20	\|
21	\| https://content-security-policy.com
22	\|
23	\| @example
24	\| directives: {
25	\| defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
26	\| }
27	\|
28	*/
29	directives: {
30	},
31	/*
32	\|--------------------------------------------------------------------------
33	\| Report only
34	\|--------------------------------------------------------------------------
35	\|
36	\| Setting `reportOnly=true` will not block the scripts from running and
37	\| instead report them to a URL.
38	\|
39	*/
40	reportOnly: false,
41	/*
42	\|--------------------------------------------------------------------------
43	\| Set all headers
44	\|--------------------------------------------------------------------------
45	\|
46	\| Headers staring with `X` have been depreciated, since all major browsers
47	\| supports the standard CSP header. So its better to disable deperciated
48	\| headers, unless you want them to be set.
49	\|
50	*/
51	setAllHeaders: false,
52
53	/*
54	\|--------------------------------------------------------------------------
55	\| Disable on android
56	\|--------------------------------------------------------------------------
57	\|
58	\| Certain versions of android are buggy with CSP policy. So you can set
59	\| this value to true, to disable it for Android versions with buggy
60	\| behavior.
61	\|
62	\| Here is an issue reported on a different package, but helpful to read
63	\| if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
64	\|
65	*/
66	disableAndroid: true,
67	},
68
69	/*
70	\|--------------------------------------------------------------------------
71	\| X-XSS-Protection
72	\|--------------------------------------------------------------------------
73	\|
74	\| X-XSS Protection saves from applications from XSS attacks. It is adopted
75	\| by IE and later followed by some other browsers.
76	\|
77	\| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
78	\|
79	*/
80	xss: {
81	enabled: true,
82	enableOnOldIE: false,
83	},
84
85	/*
86	\|--------------------------------------------------------------------------
87	\| Iframe Options
88	\|--------------------------------------------------------------------------
89	\|
90	\| xframe defines whether or not your website can be embedded inside an
91	\| iframe. Choose from one of the following options.
92	\| @available options
93	\| DENY, SAMEORIGIN, ALLOW-FROM http://example.com
94	\|
95	\| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
96	*/
97	xframe: 'DENY',
98
99	/*
100	\|--------------------------------------------------------------------------
101	\| No Sniff
102	\|--------------------------------------------------------------------------
103	\|
104	\| Browsers have a habit of sniffing content-type of a response. Which means
105	\| files with .txt extension containing Javascript code will be executed as
106	\| Javascript. You can disable this behavior by setting nosniff to false.
107	\|
108	\| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
109	\|
110	*/
111	nosniff: true,
112
113	/*
114	\|--------------------------------------------------------------------------
115	\| No Open
116	\|--------------------------------------------------------------------------
117	\|
118	\| IE users can execute webpages in the context of your website, which is
119	\| a serious security risk. Below option will manage this for you.
120	\|
121	*/
122	noopen: true,
123
124	/*
125	\|--------------------------------------------------------------------------
126	\| CSRF Protection
127	\|--------------------------------------------------------------------------
128	\|
129	\| CSRF Protection adds another layer of security by making sure, actionable
130	\| routes does have a valid token to execute an action.
131	\|
132	*/
133	csrf: {
134	enable: true,
135	methods: ['POST', 'PUT', 'DELETE'],
136	filterUris: [],
137	cookieOptions: {
138	httpOnly: true,
139	sameSite: true,
140	path: '/',
141	maxAge: 7200,
142	},
143	},
144	};