Simplify security middleware configuration

- Replaced detailed Helmet configuration with default settings - Added rate limiting middleware with standard configuration - Streamlined security middleware chain for improved readability and maintainability
2025-01-30 09:27:35 +01:00
parent 585b8d1f91
commit f5f756f71e
1 changed files with 4 additions and 25 deletions
--- a/src/security/index.ts
+++ b/src/security/index.ts
@@ -178,32 +178,11 @@ export function errorHandler(err: Error, req: Request, res: Response, next: Next

 // Export security middleware chain
 export const securityMiddleware = [
-    helmet({
-        contentSecurityPolicy: {
-            directives: {
-                defaultSrc: ["'self'"],
-                scriptSrc: ["'self'", "'unsafe-inline'"],
-                styleSrc: ["'self'", "'unsafe-inline'"],
-                imgSrc: ["'self'", 'data:', 'https:'],
-                connectSrc: ["'self'", process.env.HASS_HOST || ''],
-                upgradeInsecureRequests: true
-            }
-        },
-        dnsPrefetchControl: true,
-        frameguard: {
-            action: 'deny'
-        },
-        hidePoweredBy: true,
-        hsts: {
-            maxAge: 31536000,
-            includeSubDomains: true,
-            preload: true
-        },
-        noSniff: true,
-        referrerPolicy: { policy: 'no-referrer' },
-        xssFilter: true
+    helmet(),
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 100
    }),
-    rateLimiter,
    validateRequest,
    sanitizeInput,
    errorHandler