Security Updates

dymajo · Oct 24, 2016 · cf069ed · cf069ed
1 parent 891122d
commit cf069ed
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 20 deletions.
diff --git a/app.js b/app.js
@@ -4,9 +4,16 @@ var bodyParser = require('body-parser')
 // var compression = require('compression')
 
 var app = express()
+app.disable('x-powered-by')
 app.use(bodyParser.json()) // can parse post requests
-// going to use nginx for this
-// app.use(compression()) // compresses all requests
+// compression performed by nginx
+// set headers for every request
+app.use(function(req, res, next) {
+  res.setHeader('X-Frame-Options', 'SAMEORIGIN')
+  res.setHeader('X-Content-Type-Options', 'nosniff')
+  res.setHeader('X-XSS-Protection', '1; mode=block')
+  next()
+})
 
 var cb = function(req, res) {
   res.sendFile(__dirname + '/dist/index.html')

diff --git a/js/stores/settingsStore.ts b/js/stores/settingsStore.ts
@@ -10,7 +10,7 @@ export namespace SettingsStore {
       state[attrname] = preState[attrname]
     }
   }
-  localStorage.setItem('AppVersion', '0.2')
+  localStorage.setItem('AppVersion', '0.2.1')
   export function getState() {
     return state
   }

diff --git a/js/views/search.tsx b/js/views/search.tsx
@@ -53,8 +53,6 @@ const ferryIcon = Icon({
   iconSize: [30, 49]
 })
 
-// whatever the public can use doesn't really bother me
-const token = '?access_token=pk.eyJ1IjoiY29uc2luZG8iLCJhIjoiY2lza3ozcmd5MDZrejJ6b2M0YmR5dHBqdiJ9.Aeru3ssdT8poPZPdN2eBtg'
 let dataRequest = undefined
 let geoID = undefined
 

diff --git a/js/views/station.tsx b/js/views/station.tsx
@@ -7,8 +7,6 @@ import { UiStore } from '../stores/uiStore.ts'
 import { SettingsStore } from '../stores/settingsStore.ts'
 import TripItem from './tripitem.tsx'
 
-const hToken = 'pk.eyJ1IjoiY29uc2luZG8iLCJhIjoiY2lza3ozcmd5MDZrejJ6b2M0YmR5dHBqdiJ9.Aeru3ssdT8poPZPdN2eBtg'
-
 declare function require(name: string): any;
 let request = require('reqwest')
 let webp = require('../models/webp')

diff --git a/scss/_leaflet.scss b/scss/_leaflet.scss
@@ -372,19 +372,6 @@
 
 .leaflet-container .leaflet-control-attribution {
   display: none;
-  margin: 0;
-  text-indent: -9999px;
-  background-position: 0 0;
-  background-repeat: no-repeat;
-  background-size: 65px 20px;
-  height: 20px;
-  width: 65px;
-  margin: 0 10px 10px;
-  background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIIAAAAoCAMAAAAFWtJHAAAAwFBMVEUAAAAAAAAAAABtbW0AAAAAAAAAAAAAAAAAAAAAAAClpaUAAADp6ekAAAD5+fna2toAAAAMDAzv7+/Nzc0AAAA2Njb8/Pz9/f3T09MAAAAAAAD7+/sAAAArKyuxsbH39/fs7OwbGxuIiIjz8/N8fHyenp7u7u74+PgAAAC8vLxWVlbx8fF1dXXl5eVcXFyUlJTQ0NDFxcVCQkLAwMC4uLj19fXo6OjW1tarq6ve3t77+/vi4uL6+vrKysrNzc3///8w7gSSAAAAP3RSTlMAOQNdPSYBPywKexLLGPCxNEHXnzFL+v2nGwf1IEiE6dBFad9jd9PuLo1V2mDDV3Cjl06SiuXIq4C3973ym6BQMVUPAAAEXElEQVR4Ae2WCVP6OBiH05L0l1IqrVbkKHJ54I0oHn+PfP9vtUle0z/YdhbH2XVnd58ZnRJIeHiPJOx//mH4vQSAN+8FjAhFxgHIaPvJeZ99hxwEElon5iAQbj85Y98g8ODwjEOMAvGFyeE3FEKgodTBqj0BJGN9DhyNd5Ta3ean9QEopfaA+LsKhnEKRExqg4FSP6Og7oEkAjBWnxSCgBX4xF+kcLoPcOBQrSv0e5kH7s1j37jECQieCTPiFGxL5VHw2zQWCeeJiPt6kjRQw0XSkIdVChf67xGa4alSnZlT6HEQ8CK9ANbhvXUF9xlDkBfTuHDWScgC9+z5FQpPI12TlwC6+sV7ixR8CUMKiwjm2GQeOQWHMGuHGdbnObJAwCEqFJpNU5H6uaPUaEIKiQfg+PHk1+u4OwW9PlWW2ctbA4BHCtp+cNK+H8Jos4gDmC5ar4Nx9waaG/2B13NgDqS7+vm2RgEtEws82P+kwIHhs/pgkQKcFIhfd7CogtGNjYMHTLpurD0ERbYFw4JaD3GlQuNAL/JEsSAF4HqlCnaHACk4WhOn4OgCkMD5hSpYNYDJTD8Y46n+jsE1kPhVCuR6QBXhFK7MUOu9O6b1SWF3b+/9ZVWMGOlu93E8UDaAhgc7bfH+0DHqKXCkHzoNDFfU+zxiVQrUC9QXTuHYtKpN59OA3IxCG4b7jh6ZFuVockaNTW09mkJzOaPU49a6mE9cAchZpQJNpUWcwgV9r6FJswsFKrITp2B5pMBMdnS0z2HZNy2+BNKxSZxZfglkrFYBJxQnpzA5sN/HheR2aFQoZBLAi149dQoyAYYjW0hHlHguBAdMcR0DuDZ5omevX6+AI8qcU7ikKT3GBHCnXwydgmCC0tRwCnGQ2Wp6Be71yNIWfQSkOl9vAI1SBCNWrwC01RROgX7BuT2HI4r7tFAw086p/NwZEdOEa7R1uAFuNmQPuKAEAjYNQ0CyeoUEWHYBnpQVQgpvc0Ph+gsKlAnKg1+vEHsw5LKciLKCAJobiWBzYFGbCKpHqkZZrxBFHEASyFI59vJPCskcwNVGOWZAOqsrR+pKbaNeAMT1CixMEtlnsqopNxUMzVJT3tY35aXZm6a6Y9QhwMN6BUJWbE1lhbMO1WehkO7poO0sK7em9MJGxp1XSbC1gtugzzSLQmGsX7VntJGSwsPZ2d2z3bIPKzdoOp3Wzqt8G4XyMVUoFIxLx1S7+piaHtCvR3FeRVsq0GFdp9C5TbGpcNqsPqyHKxcfd14h21KhuLKUFU4f3osrC7F6uV3WXFnadL7wyAPeKDXw2RoJCO5GY4DouYvb/gepVXheLoewzPseQG9N/vzilrMIjoStE3++zvle4eSurw7XEe76ynI4aq+v7lEyt1x5awiFlFLQbHKIpabnM3eJLym4Szzzc/du7SU+zOXv9UNpECH7IoH/gecURPlN9vdQpeD47yhIFNX0U0QgvID9nENm+yxk/xb+AGAjNfRZuk9qAAAAAElFTkSuQmCC);
-
-  @media (pointer: fine) {
-    margin-left: calc(50vw - 35px);
-  }
 }
 .leaflet-control-attribution,
 .leaflet-control-scale-line {