adonis-shield-no-session
v1.1.4
Adonis Shield is middleware that helps standard HTTP websites protect themselves from common web attacks such as XSS, and lets them define CSP policies. This version does not use sessions.
❕ Not the official Adonis Shield repo. Only use this package when you need to use Shield without the session provider (cookies).
Adonis Shield without session (v4 only)🛡️
Adonis Shield is middleware that helps standard HTTP websites protect themselves from common web attacks such as XSS, and lets them define CSP policies.
NOTE: You don't need this middleware if you are writing an API server.
Difference between this package and the official one
This package does not use the session provider.
CSRF protection has been disabled because it requires cookies.
Installation
adonis install adonis-shield-no-session
What's in the box?
- Support to define CSP policies.
- Setup X-Content-Type-Options header.
- Setup X-Frame-Options header.
- Setup X-XSS-Protection header.
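One way to confirm that the headers listed above actually reach the browser is to audit a response's headers after the middleware is registered. This is an added example, not code from this package or from AdonisJs; `parseCsp`, `auditShieldHeaders` and the sample headers are hypothetical names and constructed values.

```javascript
// Added example, not code from adonis-shield-no-session or AdonisJs.
// parseCsp and auditShieldHeaders are hypothetical helper names.
// Parse a CSP string into { directive: [source, ...] }.
function parseCsp (policy) {
  const directives = Object.create(null)
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/)
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !(name in directives)) directives[name] = sources
  }
  return directives
}

// Return a list of findings; an empty list means all four headers look sane.
function auditShieldHeaders (headers) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {}
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim()
  }
  const findings = []
  if (!h['content-security-policy']) {
    findings.push('Content-Security-Policy: missing')
  } else {
    const csp = parseCsp(h['content-security-policy'])
    // script-src falls back to default-src when it is not declared.
    const scripts = csp['script-src'] || csp['default-src']
    const broad = !scripts || scripts.includes('*') || scripts.includes("'unsafe-inline'")
    if (broad) findings.push('Content-Security-Policy: script sources unrestricted or too broad')
  }
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options: expected nosniff')
  }
  if (!/^(deny|sameorigin)$/i.test(h['x-frame-options'] || '')) {
    findings.push('X-Frame-Options: expected DENY or SAMEORIGIN')
  }
  if (!('x-xss-protection' in h)) findings.push('X-XSS-Protection: missing')
  return findings
}

// Constructed sample headers, not captured from a real application.
const sample = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'X-XSS-Protection': '1; mode=block'
}
console.log(auditShieldHeaders(sample))
```

The audit covers only the four headers this package sets; CSRF is outside its scope because this package disables it.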
Setup
Check out the instructions file for how to set this up inside an AdonisJs application.
Node/OS Target
This repo/branch is supposed to run fine on all major OS platforms and targets Node.js >=7.0
Development
Great! If you are planning to contribute to the framework, make sure to adhere to the following conventions, since a consistent code-base is always a joy to work with.
Run the following command to see list of available npm scripts.
npm run
Tests & Linting
- Lint your code using standardJs. Run the `npm run lint` command to check if there are any linting errors.
- Make sure you write tests for all the changes/bug fixes.
- You can also write regression tests, which show that something is failing but do not break the build. This is a nice way to show that something fails. Regression tests are written using the `test.failing()` method.
- Make sure all the tests are passing on `travis` and `appveyor`.
General Practices
Since ES6 is in, you should strive to use the latest features. For example:
- Use `Spread` over the `arguments` keyword.
- Never use `bind` or `call`. After calling these methods, we cannot guarantee the scope of any methods, and in the AdonisJs codebase we do not override the methods' scope.
- Make sure to write a proper docblock.
Issues & PR
It is always helpful if we try to follow certain practices when creating issues or PRs, since it will save everyone's time.
- Always try creating regression tests when you find a bug (if possible).
- Share some context on what you are trying to do, with enough code to reproduce the issue.
- For general questions, please create a forum thread.
- When creating a PR for a feature, make sure to create a parallel PR for docs too.
Regression Tests
Regression tests are tests that show how a piece of code fails under certain circumstances, but the beauty is that even after the failure, the test suite will never fail. It is a nice way to notify about bugs while making sure everything is green.
The regression tests are created using:
test.failing('2 + 2 is always 4, but add method returns 6', (assert) => {
  // add() is the function under test; this assertion fails while the bug exists
  assert.equal(add(2, 2), 4)
})
Now since the `add` method has a bug, it will return `6` instead of `4`. But the build will pass.