feat(connect): add nosniff

Author: azu

src/connect/connect.js

@@ -0,0 +1,17 @@
+"use strict";
+function setHeaders(res, headers) {
+    Object.keys(headers).forEach(key => {
+        let value = headers[key];
+        if (value !== null) {
+            res.setHeader(key, value);
+        }
+    });
+}
+export default function () {
+    return function (req, res, next) {
+        setHeaders(res, {
+            "X-Content-Type-Options": "nosniff"
+        });
+        next();
+    }
+}

src/connect/nosniff.js

@@ -2,6 +2,7 @@
 "use strict";
 import assert from "power-assert";
 import connect from "connect"
+import nosniff from "../../src/connect/nosniff";
 import hello from "../../src/connect/hello";
 import http from "http";
 import fetch from "node-fetch";
@@ -10,6 +11,7 @@ describe("hello", function () {
     var server;
     before(function (done) {
         var app = connect();
+        app.use(nosniff());
         app.use(hello(responseText));
         server = http.createServer(app).listen(3000, done);
     });
@@ -23,4 +25,10 @@ describe("hello", function () {
                 assert.equal(text, responseText);
             });
     });
+    it("should return response has `X-Content-Type-Options` header", function () {
+        return fetch("http://localhost:3000")
+            .then(res => {
+                assert.equal(res.headers.get("x-content-type-options"), "nosniff");
+            })
+    });
 });