abrendan_dev/MicDropMessages
1
0
Fork 0
mirror of https://github.com/abrendan/MicDropMessages.git synced 2025-08-25 22:12:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
abrendan
2023-11-30 14:15:19 +00:00
commit e4599df811
5457 changed files with 500139 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
node_modules/helmet-crossdomain/README.md generated vendored Normal file
View File

@@ -0,0 +1,24 @@
X-Permitted-Cross-Domain-Policies middleware
============================================
[![Build Status](https://travis-ci.org/helmetjs/crossdomain.svg?branch=master)](https://travis-ci.org/helmetjs/crossdomain)
The `X-Permitted-Cross-Domain-Policies` header tells some web clients (like Adobe Flash or Adobe Acrobat) your domain's policy for loading cross-domain content. See the description on [OWASP](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Permitted-Cross-Domain-Policies) for more.
Usage:
```javascript
const crossdomain = require('helmet-crossdomain')
// Sets X-Permitted-Cross-Domain-Policies: none
app.use(crossdomain())
// You can use any of the following values:
app.use(crossdomain({ permittedPolicies: 'none' }))
app.use(crossdomain({ permittedPolicies: 'master-only' }))
app.use(crossdomain({ permittedPolicies: 'by-content-type' }))
app.use(crossdomain({ permittedPolicies: 'all' }))
```
The `by-ftp-type` is not currently supported. Please open an issue or pull request if you desire this feature!
If you don't expect Adobe products to load data from your site, you get a minor security benefit by adding this header.