Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: 使用helmet中间件自定义http安全策略 #7020

Open
baozhoutao opened this issue Sep 29, 2024 · 0 comments
Open

[Feature]: 使用helmet中间件自定义http安全策略 #7020

baozhoutao opened this issue Sep 29, 2024 · 0 comments
Assignees
@baozhoutao
Labels
done 开发已完成 new feature
Milestone
2.6

Comments

@baozhoutao
Copy link
Contributor

baozhoutao commented Sep 29, 2024
edited
Loading

Summary 摘要

1 通过环境变量启用helmet中间件: STEEDOS_HTTP_ENABLED_HELMET=true 默认值为false
2 通过使用项目根路径下的steedos.config.js中settints.helmet = {...} 来显示自定义helmet配置. 例如:

...
settings: {
    helmet: {
	contentSecurityPolicy: false,
	crossOriginEmbedderPolicy: false,
	crossOriginOpenerPolicy: false,
	crossOriginResourcePolicy: false,
    }
...
}
...

helmet 使用文档: https://helmetjs.github.io/#get-started

Why should this be worked on? 此需求的应用场景?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@baozhoutao baozhoutao

Labels
done 开发已完成 new feature
Projects
None yet
Milestone
2.6
Development

No branches or pull requests
1 participant
@baozhoutao