
divtag-nl/adonis-shield

 
 


Adonis Shield 🛡️

Silver shield for common web attacks.

Adonis Shield is a middleware that helps standard HTTP websites protect themselves against common web attacks such as XSS and CSRF, including support for Content Security Policy (CSP).


NOTE: You don't need this middleware if you are writing an API server.

What's in the box?

  1. Support for defining CSP policies.
  2. Set up the X-Content-Type-Options header.
  3. Set up the X-Frame-Options header.
  4. Set up the X-XSS-Protection header.
  5. Protect HTML forms from CSRF attacks.

Setup

Check out the instructions file for how to set this up inside an AdonisJs application.

Node/OS Target

This repo/branch is supposed to run fine on all major OS platforms and targets Node.js >=7.0.

Development

Great! If you are planning to contribute to the framework, make sure to adhere to the following conventions, since a consistent codebase is always a joy to work with.

Run the following command to see the list of available npm scripts.

npm run

Tests & Linting

  1. Lint your code using standardJs. Run the npm run lint command to check for linting errors.
  2. Make sure you write tests for all changes and bug fixes.
  3. You can also write regression tests, which show that something is failing without breaking the build. This is a nice way to show that something fails. Regression tests are written using the test.failing() method.
  4. Make sure all the tests pass on Travis and AppVeyor.

General Practices

Since ES6 is in, you should strive to use the latest features. For example:

  1. Use spread over the arguments keyword.
  2. Never use bind or call. After calling these methods, we cannot guarantee the scope of any method, and in the AdonisJs codebase we do not override a method's scope.
  3. Make sure to write proper docblocks.

Issues & PR

It is always helpful to follow certain practices when creating issues or PRs, since it saves everyone's time.

  1. Always try creating regression tests when you find a bug (if possible).
  2. Share some context on what you are trying to do, with enough code to reproduce the issue.
  3. For general questions, please create a forum thread.
  4. When creating a PR for a feature, make sure to create a parallel PR for docs too.

Regression Tests

Regression tests are tests that show how a piece of code fails under certain circumstances. The beauty is that even though the assertion fails, the test suite itself does not fail. It is a nice way to flag bugs while keeping the build green.

Regression tests are created using test.failing():

// The assertion is expected to fail until the bug in add() is fixed
test.failing('2 + 2 is always 4, but add method returns 6', (assert) => {
  assert.equal(add(2, 2), 4)
})

Because the add method has a bug, it returns 6 instead of 4, but the build still passes.
