server.js
// Load .env into process.env first; every process.env read below depends on it.
require("dotenv").config();

const express = require("express");
const history = require("connect-history-api-fallback");

const app = express();
const port = process.env.PORT || 3000;

// The prerender token is taken from the environment and never hard-coded;
// prerendering is only wired in when a token is configured.
const prerenderToken = process.env.VUE_PRERENDER_TOKEN;
if (prerenderToken) {
  // NOTE(review): this middleware is registered before the security-header
  // middleware further down, so any response prerender-node answers itself
  // presumably goes out without those headers. Confirm, and consider
  // registering the header middleware first.
  const prerender = require("prerender-node");
  app.use(prerender.set("prerenderToken", prerenderToken));
}

// History-API fallback for the single-page app's client-side routes.
app.use(history());

// Do not advertise the framework in an X-Powered-By response header.
app.disable("x-powered-by");
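// Asset cache lifetime: 7 days, kept in milliseconds as before.
const cacheTime = 86400000 * 7;

// Cache-Control max-age is expressed in seconds. Sending the millisecond value
// made the "7 day" lifetime roughly 19 years, so a bad or compromised asset
// would stay pinned in browser and proxy caches far longer than intended.
const cacheMaxAgeSeconds = Math.floor(cacheTime / 1000);

// URLs that receive the long-lived cache header. The dots in "favicon.ico" and
// ".worker.js" are escaped so they match a literal dot, not any character.
const cacheableAssetPatterns = [
  /^\/(css|js|img|fonts)\/.+/,
  /^\/favicon\.ico$/,
  /^\/.*\.worker\.js$/,
];

/**
 * Sets the baseline security headers on every response that reaches this
 * middleware and adds a public cache header for static asset URLs.
 */
app.use(function (req, res, next) {
  // Forbid framing of any page (clickjacking defence).
  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
  res.setHeader("X-Frame-Options", "DENY");

  // NOTE(review): no Content-Security-Policy is sent; the policy below is disabled.
  // A CSP is the current defence against script injection, and its
  // frame-ancestors directive supersedes X-Frame-Options.
  // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
  //res.setHeader('Content-Security-Policy', 'default-src \'self\' *.stellarbeat.io');

  // NOTE(review): X-XSS-Protection is a legacy, non-standard header that current
  // browsers ignore. Current guidance is to send "0" and rely on a CSP instead;
  // the value is left as the author set it.
  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
  res.setHeader("X-XSS-Protection", "1");

  // Stop browsers from guessing a content type other than the declared one.
  res.setHeader("X-Content-Type-Options", "nosniff");

  // req.url still carries the query string, exactly as the patterns expect.
  if (cacheableAssetPatterns.some((pattern) => pattern.test(req.url))) {
    res.setHeader("Cache-Control", `public, max-age=${cacheMaxAgeSeconds}`);
  }

  next();
});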
// JSON schemas may be fetched cross-origin by any site. The wildcard origin is
// limited to this route; it is only appropriate while everything under
// /schemas is public, non-credentialed content.
const allowAnyOrigin = (req, res, next) => {
  res.setHeader("Access-Control-Allow-Origin", "*");
  next();
};

app.get(["/schemas/*.json"], allowAnyOrigin);
// Serve the built front-end from ./dist. This is registered after the header
// middleware earlier in the file, so static responses carry those headers.
const staticFiles = express.static("dist");
app.use(staticFiles);

app.listen(port, () => {
  console.log(`app listening on port: ${port}`);
});