Initial commit

2025-07-23 07:09:44 +02:00 · 2019-08-31 04:07:25 +05:00 · 2019-08-31 04:07:25 +05:00 · 5ffef61fe7
commit 5ffef61fe7
613 changed files with 91659 additions and 0 deletions
--- a/server/config/security.js
+++ b/server/config/security.js
@ -0,0 +1,52 @@
+/**
+ * Security Settings
+ * (sails.config.security)
+ *
+ * These settings affect aspects of your app's security, such
+ * as how it deals with cross-origin requests (CORS) and which
+ * routes require a CSRF token to be included with the request.
+ *
+ * For an overview of how Sails handles security, see:
+ * https://sailsjs.com/documentation/concepts/security
+ *
+ * For additional options and more information, see:
+ * https://sailsjs.com/config/security
+ */
+
+module.exports.security = {
+  /***************************************************************************
+  *                                                                          *
+  * CORS is like a more modern version of JSONP-- it allows your application *
+  * to circumvent browsers' same-origin policy, so that the responses from   *
+  * your Sails app hosted on one domain (e.g. example.com) can be received   *
+  * in the client-side JavaScript code from a page you trust hosted on _some *
+  * other_ domain (e.g. trustedsite.net).                                    *
+  *                                                                          *
+  * For additional options and more information, see:                        *
+  * https://sailsjs.com/docs/concepts/security/cors                          *
+  *                                                                          *
+  ***************************************************************************/
+
+  cors: {
+    allRoutes: true,
+    allowOrigins: ['http://localhost:3000'],
+    allowRequestHeaders: ['Authorization'],
+    allowCredentials: false,
+  },
+
+  /****************************************************************************
+  *                                                                           *
+  * By default, Sails' built-in CSRF protection is disabled to facilitate     *
+  * rapid development.  But be warned!  If your Sails app will be accessed by *
+  * web browsers, you should _always_ enable CSRF protection before deploying *
+  * to production.                                                            *
+  *                                                                           *
+  * To enable CSRF protection, set this to `true`.                            *
+  *                                                                           *
+  * For more information, see:                                                *
+  * https://sailsjs.com/docs/concepts/security/csrf                           *
+  *                                                                           *
+  ****************************************************************************/
+
+  // csrf: false,
+};