Code coverage report for esecurity/lib/middleware/clickJacking.js

Statements: 100% (23 / 23)      Branches: 100% (26 / 26)      Functions: 100% (2 / 2)      Lines: 100% (20 / 20)      Ignored: none     

 
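/**
 * Builds a Connect/Express-style middleware that sets the X-Frame-Options
 * response header and serves a bundled client-side helper script.
 *
 * The header value is chosen by precedence: `deny`, then `sameOrigin`, then
 * `allowFrom`. When none of them is set the middleware fails closed and
 * sends "DENY".
 *
 * Options are read once, at construction time, and the caller's object is
 * never written to.
 *
 * @param {Object}  [opts]
 * @param {boolean} [opts.deny=false]        Send "DENY".
 * @param {boolean} [opts.sameOrigin=false]  Send "SAMEORIGIN".
 * @param {string}  [opts.allowFrom]         Origin for "ALLOW-FROM <origin>".
 *     This must be a fixed configuration value, never request data, because
 *     it is concatenated straight into a response header.
 * @param {string}  [opts.jsUrl="clickjacking_protection.js"]  URL at which
 *     the helper script is served; a leading "/" is added when missing.
 * @param {number}  [opts.maxAge]            Passed through to res.sendfile.
 * @returns {function(req, res, next)} The middleware.
 */
module.exports = function ClickJackingConstructor(opts) {

    var options = opts || {};

    // Copy the settings into locals instead of writing defaults back onto
    // the caller's object: the same options object may be shared with other
    // middleware, and it should not change as requests come in.
    var deny = Boolean(options.deny);
    var sameOrigin = options.sameOrigin || false;
    var allowFrom = options.allowFrom || false;
    var maxAge = options.maxAge;

    // Normalise the script URL once, not on every request.
    var jsUrl = options.jsUrl || "clickjacking_protection.js";
    if (jsUrl.charAt(0) !== "/")
        jsUrl = "/" + jsUrl;

    // The header value depends only on configuration, so compute it once.
    // NOTE: ALLOW-FROM is an obsolete X-Frame-Options value that current
    // browsers ignore, which leaves the page frameable by anyone. Where a
    // specific origin must be allowed to frame the page, also send a
    // Content-Security-Policy "frame-ancestors" directive from the
    // application.
    var frameOptions = "DENY";
    if (!deny) {
        if (sameOrigin) frameOptions = "SAMEORIGIN";
        else if (allowFrom) frameOptions = "ALLOW-FROM " + allowFrom;
    }

    return function clickJacking(req, res, next) {

        // Run at most once per request, even if the middleware is mounted twice.
        if (req._esecurity_clickjacking)
            return next();

        req._esecurity_clickjacking = true;

        // Exact match on req.url: a request that carries a query string does
        // not match and falls through to the rest of the stack.
        // res.sendfile is the Express 3 spelling of this call.
        if (jsUrl === req.url)
            return res.sendfile("utils/clickjackingProtection.js", {
                root: __dirname,
                maxAge: maxAge
            });

        res.set("X-Frame-Options", frameOptions);

        return next();
    };
};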