Extend Sails built in security with lusca


How can I extend the security features built into Sails? For example, how can I use lusca (a module from Kraken) in Sails? What other ways are there to extend the built-in security in Sails?


MjZac On BEST ANSWER

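You can add modules like lusca and helmet in http.js by defining them as middleware and placing them in the middleware order. In the example below, helmet's frameguard is switched off because lusca sets the X-Frame-Options header instead, so only one module writes that header.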

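var lusca = require('lusca');
var helmet = require('helmet');

// Build each header middleware once at load time rather than on every
// request; a bad option then fails at startup instead of mid-request.

// Sends X-Frame-Options: SAMEORIGIN so pages can only be framed by the
// same origin (clickjacking defence).
var xframeMiddleware = lusca.xframe('SAMEORIGIN');

// helmet with its defaults, except frameguard: X-Frame-Options is written by
// the lusca middleware above, so helmet's own frameguard is switched off to
// avoid two modules setting the same header. If the 'xframe' entry is ever
// removed from the order below, re-enable frameguard here.
var helmetMiddleware = helmet({
  frameguard: false
});

module.exports.http = {

  middleware: {
    // Middleware run in this order. The two security-header entries sit just
    // before 'router', so responses produced by routes and static files carry
    // the headers. A response that an earlier entry ends on its own never
    // reaches them and is sent without these headers.
    order: [
      'startRequestTimer',
      'cookieParser',
      'session',
      'bodyParser',
      'handleBodyParserError',
      'compress',
      'methodOverride',
      '$custom',
      'helmetProtection',
      'xframe',
      'router',
      'www',
      'favicon',
      '404',
      '500'
    ],

    /**
     * Adds the X-Frame-Options: SAMEORIGIN header via lusca, then continues.
     */
    xframe: function xframe(req, res, next) {
      return xframeMiddleware(req, res, next);
    },

    /**
     * Applies helmet's default security headers (frameguard excluded).
     */
    helmetProtection: function helmetProtection(req, res, next) {
      return helmetMiddleware(req, res, next);
    }
  },

  // NOTE(review): confirm the unit Sails expects for `cache` in your version
  // (seconds vs. milliseconds); 1 * 60 * 60 is one hour only if the unit is
  // seconds.
  cache: 1 * 60 * 60
};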
Abhishek Gupta On

The above answer given by @MjZac works perfectly. I just want to add an updated version of the file for the latest version of Sails.js.

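var helmet = require('helmet');
var lusca = require('lusca');

// Built once at load time rather than on every request.
// frameguard is kept ON (X-Frame-Options: SAMEORIGIN): this configuration has
// no separate middleware that sets X-Frame-Options, so disabling it here would
// leave responses without any framing restriction. Set it to false only if
// another middleware (or a CSP frame-ancestors directive) covers framing.
var helmetMiddleware = helmet({
  frameguard: { action: 'sameorigin' }
});

module.exports.http = {
  // One year expressed in milliseconds.
  cache: 365.25 * 24 * 60 * 60 * 1000,

  // Makes the app trust X-Forwarded-* headers. Only appropriate when every
  // request arrives through a reverse proxy that sets or overwrites those
  // headers; if clients can reach the app directly they can supply the
  // headers themselves and influence values such as the reported client IP
  // and protocol.
  trustProxy: true,

  middleware: {
    // Security-header entries run before 'router' so that responses from
    // routes and static files carry them.
    order: [
      'cookieParser',
      'session',
      'bodyParser',
      'compress',
      'helmetProtection',
      'xss',
      'router',
      'www',
      'favicon'
    ],

    // lusca's X-XSS-Protection header. This is a legacy browser filter that
    // current browsers ignore; treat it as defence in depth and rely on
    // output encoding and a Content-Security-Policy for XSS.
    // NOTE(review): helmet also writes X-XSS-Protection by default, and 'xss'
    // runs after 'helmetProtection', so lusca's value is the one sent —
    // confirm that is intended for the helmet version in use.
    xss: lusca.xssProtection('1'),

    /**
     * Applies helmet's default security headers, including X-Frame-Options.
     */
    helmetProtection: function helmetProtection(req, res, next) {
      return helmetMiddleware(req, res, next);
    }
  }
};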