{
  "slug": "security-header",
  "runtimes": {
    "node": {
      "frameworks": {
        "express": {
          "dependencies": {
            "runtime": [
              "helmet",
              "cors"
            ],
            "dev": [
              "@types/cors"
            ]
          },
          "env": [],
          "architectures": {
            "mvc": {
              "files": [
                {
                  "type": "file",
                  "path": "src/middlewares/security-header.ts",
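                  "content": "import cors from \"cors\";\r\nimport { Express } from \"express\";\r\nimport helmet from \"helmet\";\r\n\r\nexport const configureSecurityHeaders = (app: Express) => {\r\n  // Use Helmet to set its default set of security-related HTTP headers\r\n  app.use(helmet());\r\n\r\n  // Configure CORS. When CORS_ORIGIN is unset the allowed origin falls back to the\r\n  // wildcard *, and browsers reject credentialed requests against a wildcard origin,\r\n  // so set CORS_ORIGIN to the explicit front-end origin wherever credentials are used.\r\n  app.use(\r\n    cors({\r\n      origin: process.env.CORS_ORIGIN || \"*\",\r\n      credentials: true,\r\n      methods: [\"GET\", \"POST\", \"PUT\", \"DELETE\", \"PATCH\", \"OPTIONS\"],\r\n      allowedHeaders: [\"Content-Type\", \"Authorization\", \"X-Requested-With\"]\r\n    })\r\n  );\r\n\r\n  // Additional custom security headers. This middleware runs after Helmet, so each\r\n  // value below replaces whatever Helmet set for the same header name. Current Helmet\r\n  // releases send X-XSS-Protection: 0 because the legacy browser XSS filter is\r\n  // deprecated; confirm that overriding it with 1; mode=block is intended.\r\n  app.use((req, res, next) => {\r\n    res.setHeader(\"X-Content-Type-Options\", \"nosniff\");\r\n    res.setHeader(\"X-Frame-Options\", \"DENY\");\r\n    res.setHeader(\"X-XSS-Protection\", \"1; mode=block\");\r\n    next();\r\n  });\r\n};\r\n"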
                }
              ]
            },
            "feature": {
              "files": [
                {
                  "type": "file",
                  "path": "src/shared/middlewares/security-header.ts",
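                  "content": "import cors from \"cors\";\r\nimport { Express } from \"express\";\r\nimport helmet from \"helmet\";\r\n\r\nexport const configureSecurityHeaders = (app: Express) => {\r\n  // Use Helmet to set its default set of security-related HTTP headers\r\n  app.use(helmet());\r\n\r\n  // Configure CORS. When CORS_ORIGIN is unset the allowed origin falls back to the\r\n  // wildcard *, and browsers reject credentialed requests against a wildcard origin,\r\n  // so set CORS_ORIGIN to the explicit front-end origin wherever credentials are used.\r\n  app.use(\r\n    cors({\r\n      origin: process.env.CORS_ORIGIN || \"*\",\r\n      credentials: true,\r\n      methods: [\"GET\", \"POST\", \"PUT\", \"DELETE\", \"PATCH\", \"OPTIONS\"],\r\n      allowedHeaders: [\"Content-Type\", \"Authorization\", \"X-Requested-With\"]\r\n    })\r\n  );\r\n\r\n  // Additional custom security headers. This middleware runs after Helmet, so each\r\n  // value below replaces whatever Helmet set for the same header name. Current Helmet\r\n  // releases send X-XSS-Protection: 0 because the legacy browser XSS filter is\r\n  // deprecated; confirm that overriding it with 1; mode=block is intended.\r\n  app.use((req, res, next) => {\r\n    res.setHeader(\"X-Content-Type-Options\", \"nosniff\");\r\n    res.setHeader(\"X-Frame-Options\", \"DENY\");\r\n    res.setHeader(\"X-XSS-Protection\", \"1; mode=block\");\r\n    next();\r\n  });\r\n};\r\n"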
                }
              ]
            }
          }
        }
      }
    }
  }
}
