| 72 | } |
| 73 | |
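/**
 * Registers the HTTP middleware stack on an Express-style server.
 *
 * Order matters. express.static ends the request as soon as it finds a
 * matching file, so middleware registered after it never runs for static
 * assets. The header-hardening middleware is therefore installed before the
 * static handlers, so that static responses also carry the CSP,
 * X-XSS-Protection, X-Frame-Options, X-Download-Options and
 * X-Content-Type-Options headers.
 *
 * @param {object} server - Object exposing `use(middleware)`, e.g. an Express app.
 * @returns {void}
 */
function addMiddleware(server) {
  const isProduction = process.env.NODE_ENV === 'production'

  // Request logging goes first so every request is recorded, including
  // ones answered by the static handlers below.
  server.use(morgan(isProduction ? 'combined' : 'dev'))

  if (isProduction) {
    // Must precede anything that writes a response body.
    server.use(compression())
  }

  // Security headers: registered before any handler that can end the request.
  // NOTE(review): the directives are passed at the top level and frameguard
  // takes a bare string, which matches older helmet releases; newer releases
  // expect `{ directives: { ... } }` and `{ action: 'deny' }`. Confirm against
  // the installed version before upgrading, or the policy may not be applied
  // as written.
  // NOTE(review): if either static directory serves HTML that relies on
  // inline scripts or styles, this policy now applies to it as well.
  server.use(helmet.contentSecurityPolicy({
    defaultSrc: [ "'self'" ],
    scriptSrc: [ "'self'" ],
    styleSrc: [ "'self'" ],
    imgSrc: [ "'self'" ],
    // NOTE(review): the bare 'ws:' scheme allows plaintext WebSocket
    // connections to any host, in every environment. Presumably this is
    // here for a development socket; consider limiting it to the exact
    // origin (and wss:) in production.
    connectSrc: [ "'self'", 'ws:' ],
    fontSrc: [ "'self'" ],
    objectSrc: [ "'none'" ],
    mediaSrc: [ "'none'" ],
    frameSrc: [ "'none'" ]
  }))
  server.use(helmet.xssFilter())
  server.use(helmet.frameguard('deny'))
  server.use(helmet.ieNoOpen())
  server.use(helmet.noSniff())

  if (isProduction) {
    // maxAge is in milliseconds: 31536000000 ms = 365 days.
    server.use(express.static(PUBLIC_DIR, { maxAge: 31536000000 }))
  }
  server.use(express.static(path.join(APP_PATH, 'static')))

  server.use(bodyParser.json())
  // hpp works on already-parsed input, so it stays after the body parser.
  server.use(hpp())
}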
| 102 | |
| 103 | function sendWithReactRouter({ req, res, render, webpackStats, routerProps }) { |
| 104 | const { routes } = routerProps |