Added startup option to disable helmet

6 years ago · 981b0b2059
4 changed files with 17 additions and 5 deletions
--- a/index.js
+++ b/index.js
@ -94,6 +94,12 @@ if (require.main === module) {
          type: 'string',
          default: process.env.COMMAND || 'login',
        },
+        'no-helmet': {
+          demand: false,
+          description: 'disable helmet from placing security restrictions',
+          type: 'boolean',
+          default: false,
+        },
        help: {
          demand: false,
          alias: 'h',
--- a/src/server/index.ts
+++ b/src/server/index.ts
@ -17,6 +17,7 @@ export interface Options {
  port: number;
  title: string;
  command?: string;
+  disableHelmet?: boolean;
 }

 interface CLI extends Options {
@ -38,6 +39,7 @@ export default class Server {
    command,
    sslkey,
    sslcert,
+    disableHelmet,
  }: Options): Promise<void> {
    wetty
      .on('exit', ({ code, msg }: { code: number; msg: string }) => {
@ -56,11 +58,11 @@ export default class Server {
        host: sshhost,
        auth: sshauth,
        port: sshport,
-        title: title,
+        title,
        pass: sshpass,
        key: sshkey,
      },
-      { base, host, port, title },
+      { base, host, port, title, disableHelmet },
      command,
      { key: sslkey, cert: sslcert }
    );
--- a/src/server/interfaces.ts
+++ b/src/server/interfaces.ts
@ -21,4 +21,5 @@ export interface Server {
  port: number;
  host: string;
  base: string;
+  disableHelmet: boolean;
 }
--- a/src/server/server.ts
+++ b/src/server/server.ts
@ -17,7 +17,7 @@ const distDir = path.join(__dirname, 'client');
 const trim = (str: string): string => str.replace(/\/*$/, '');

 export default function createServer(
-  { base, port, host, title }: Server,
+  { base, port, host, title, disableHelmet }: Server,
  { key, cert }: SSLBuffer
 ): SocketIO.Server {
  const basePath = trim(base);
@ -61,7 +61,6 @@ export default function createServer(
  const app = express();
  app
    .use(morgan('combined', { stream: logger.stream }))
-    .use(helmet())
    .use(compression())
    .use(favicon(path.join(distDir, 'favicon.ico')))
    .use(`${basePath}/public`, express.static(distDir))
@ -77,6 +76,10 @@ export default function createServer(
    .get(basePath, html)
    .get(`${basePath}/ssh/:user`, html);

+  if (!disableHelmet) {
+    app.use(helmet());
+  }
+
  return socket(
    !isUndefined(key) && !isUndefined(cert)
      ? https.createServer({ key, cert }, app).listen(port, host, () => {