Remove shield

.adonisrc.json

@@ -31,7 +31,6 @@
     "@adonisjs/view",
     "@adonisjs/bouncer",
     "@adonisjs/ally",
-    "@adonisjs/shield"
   ],
   "aceProviders": [
     "@adonisjs/repl"

config/shield.ts

@@ -1,238 +0,0 @@
-/**
- * Config source: https://git.io/Jvwvt
- *
- * Feel free to let us know via PR, if you find something broken in this config
- * file.
- */
-
-import Env from '@ioc:Adonis/Core/Env'
-import { ShieldConfig } from '@ioc:Adonis/Addons/Shield'
-
-/*
-|--------------------------------------------------------------------------
-| Content Security Policy
-|--------------------------------------------------------------------------
-|
-| Content security policy filters out the origins not allowed to execute
-| and load resources like scripts, styles and fonts. There are wide
-| variety of options to choose from.
-*/
-export const csp: ShieldConfig['csp'] = {
-  /*
-  |--------------------------------------------------------------------------
-  | Enable/disable CSP
-  |--------------------------------------------------------------------------
-  |
-  | The CSP rules are disabled by default for seamless onboarding.
-  |
-  */
-  enabled: false,
-
-  /*
-  |--------------------------------------------------------------------------
-  | Directives
-  |--------------------------------------------------------------------------
-  |
-  | All directives are defined in camelCase and here is the list of
-  | available directives and their possible values.
-  |
-  | https://content-security-policy.com
-  |
-  | @example
-  | directives: {
-  |   defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
-  | }
-  |
-  */
-  directives: {
-  },
-
-  /*
-  |--------------------------------------------------------------------------
-  | Report only
-  |--------------------------------------------------------------------------
-  |
-  | Setting `reportOnly=true` will not block the scripts from running and
-  | instead report them to a URL.
-  |
-  */
-  reportOnly: false,
-}
-
-/*
-|--------------------------------------------------------------------------
-| CSRF Protection
-|--------------------------------------------------------------------------
-|
-| CSRF Protection adds another layer of security by making sure, actionable
-| routes does have a valid token to execute an action.
-|
-*/
-export const csrf: ShieldConfig['csrf'] = {
-  /*
-  |--------------------------------------------------------------------------
-  | Enable/Disable CSRF
-  |--------------------------------------------------------------------------
-  */
-  enabled: Env.get('NODE_ENV') !== 'testing',
-
-  /*
-  |--------------------------------------------------------------------------
-  | Routes to Ignore
-  |--------------------------------------------------------------------------
-  |
-  | Define an array of route patterns that you want to ignore from CSRF
-  | validation. Make sure the route patterns are started with a leading
-  | slash. Example:
-  |
-  | `/foo/bar`
-	|
-	| Also you can define a function that is evaluated on every HTTP Request.
-	| ```
-	|  exceptRoutes: ({ request }) => request.url().includes('/api')
-	| ```
-  |
-  */
-  exceptRoutes: [],
-
-  /*
-  |--------------------------------------------------------------------------
-  | Enable Sharing Token Via Cookie
-  |--------------------------------------------------------------------------
-  |
-  | When the following flag is enabled, AdonisJS will drop `XSRF-TOKEN`
-  | cookie that frontend frameworks can read and return back as a
-  | `X-XSRF-TOKEN` header.
-  |
-  | The cookie has `httpOnly` flag set to false, so it is little insecure and
-  | can be turned off when you are not using a frontend framework making
-  | AJAX requests.
-  |
-  */
-  enableXsrfCookie: true,
-
-  /*
-  |--------------------------------------------------------------------------
-  | Methods to Validate
-  |--------------------------------------------------------------------------
-  |
-  | Define an array of HTTP methods to be validated for a valid CSRF token.
-  |
-  */
-  methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
-}
-
-/*
-|--------------------------------------------------------------------------
-| DNS Prefetching
-|--------------------------------------------------------------------------
-|
-| DNS prefetching allows browsers to proactively perform domain name
-| resolution in background.
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
-|
-*/
-export const dnsPrefetch: ShieldConfig['dnsPrefetch'] = {
-  /*
-  |--------------------------------------------------------------------------
-  | Enable/disable this feature
-  |--------------------------------------------------------------------------
-  */
-  enabled: true,
-
-  /*
-  |--------------------------------------------------------------------------
-  | Allow or Dis-Allow Explicitly
-  |--------------------------------------------------------------------------
-  |
-  | The `enabled` boolean does not set `X-DNS-Prefetch-Control` header. However
-  | the `allow` boolean controls the value of `X-DNS-Prefetch-Control` header.
-  |
-  | - When `allow = true`, then `X-DNS-Prefetch-Control = 'on'`
-  | - When `allow = false`, then `X-DNS-Prefetch-Control = 'off'`
-  |
-  */
-  allow: true,
-}
-
-/*
-|--------------------------------------------------------------------------
-| Iframe Options
-|--------------------------------------------------------------------------
-|
-| xFrame defines whether or not your website can be embedded inside an
-| iframe. Choose from one of the following options.
-|
-| - DENY
-| - SAMEORIGIN
-| - ALLOW-FROM http://example.com
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-*/
-export const xFrame: ShieldConfig['xFrame'] = {
-  enabled: true,
-  action: 'DENY',
-}
-
-/*
-|--------------------------------------------------------------------------
-| Http Strict Transport Security
-|--------------------------------------------------------------------------
-|
-| A security to ensure that a browser always makes a connection over
-| HTTPS.
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-|
-*/
-export const hsts: ShieldConfig['hsts'] = {
-  enabled: true,
-  /*
-  |--------------------------------------------------------------------------
-  | Max Age
-  |--------------------------------------------------------------------------
-  |
-  | Control, how long the browser should remember that a site is only to be
-  | accessed using HTTPS.
-  |
-  */
-  maxAge: '180 days',
-
-  /*
-  |--------------------------------------------------------------------------
-  | Include Subdomains
-  |--------------------------------------------------------------------------
-  |
-  | Apply rules on the subdomains as well.
-  |
-  */
-  includeSubDomains: true,
-
-  /*
-  |--------------------------------------------------------------------------
-  | Preloading
-  |--------------------------------------------------------------------------
-  |
-  | Google maintains a service to register your domain and it will preload
-  | the HSTS policy. Learn more https://hstspreload.org/
-  |
-  */
-  preload: false,
-}
-
-/*
-|--------------------------------------------------------------------------
-| No Sniff
-|--------------------------------------------------------------------------
-|
-| Browsers have a habit of sniffing content-type of a response. Which means
-| files with .txt extension containing Javascript code will be executed as
-| Javascript. You can disable this behavior by setting nosniff to false.
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-|
-*/
-export const contentTypeSniffing: ShieldConfig['contentTypeSniffing'] = {
-  enabled: true,
-}

package.json

@@ -28,7 +28,6 @@
     "@adonisjs/redis": "^7.0.6",
     "@adonisjs/repl": "^3.1.4",
     "@adonisjs/session": "^6.1.1",
-    "@adonisjs/shield": "^7.0.5",
     "@adonisjs/view": "^6.0.3",
     "axios": "^0.21.1",
     "luxon": "^1.27.0",

start/kernel.ts

@@ -22,7 +22,6 @@ import Server from "@ioc:Adonis/Core/Server";
 
 Server.middleware.register([
   () => import('@ioc:Adonis/Core/BodyParser'),
-  () => import('@ioc:Adonis/Addons/Shield'),
   () => import('App/Middleware/SilentAuth'),
 ])
 

tsconfig.json

@@ -36,7 +36,6 @@
       "@adonisjs/view",
       "@adonisjs/ally",
       "@adonisjs/bouncer",
-      "@adonisjs/shield"
     ]
   }
 }

yarn.lock

@@ -281,15 +281,6 @@
     "@poppinss/utils" "^3.1.5"
     fs-extra "^10.0.0"
 
-"@adonisjs/shield@^7.0.5":
-  version "7.0.5"
-  resolved "https://registry.yarnpkg.com/@adonisjs/shield/-/shield-7.0.5.tgz#7103c1fa8fa0b42883988a12a5caac8371fc548d"
-  integrity sha512-Gst4PXDMOKBq5VLNrt4p3QK3fHDR4U3CdIJIWyrV+HZtbVXQM+SI8+aIK7WXUpNuaI5y10ux1qzJ2qHHjWLwTQ==
-  dependencies:
-    "@poppinss/utils" "^3.1.5"
-    csrf "^3.1.0"
-    helmet-csp "^3.4.0"
-
 "@adonisjs/sink@^5.1.5":
   version "5.1.5"
   resolved "https://registry.yarnpkg.com/@adonisjs/sink/-/sink-5.1.5.tgz#8a238052d66f06dd9894516eb7270797c6489b2b"
@@ -1405,15 +1396,6 @@ cross-spawn@^7.0.3:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
-csrf@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/csrf/-/csrf-3.1.0.tgz#ec75e9656d004d674b8ef5ba47b41fbfd6cb9c30"
-  integrity sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==
-  dependencies:
-    rndm "1.2.0"
-    tsscmp "1.0.6"
-    uid-safe "2.1.5"
-
 css-select@^4.1.3:
   version "4.1.3"
   resolved "https://registry.yarnpkg.com/css-select/-/css-select-4.1.3.tgz#a70440f70317f2669118ad74ff105e65849c7067"
@@ -2193,11 +2175,6 @@ header-case@^2.0.4:
     capital-case "^1.0.4"
     tslib "^2.0.3"
 
-helmet-csp@^3.4.0:
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/helmet-csp/-/helmet-csp-3.4.0.tgz#7fdd0b0274cd90a64664e2ed8e48f9a430037233"
-  integrity sha512-a+YgzWw6dajqhQfb6ktxil0FsQuWTKzrLSUfy55dxS8fuvl1jidTIMPZ2udN15mjjcpBPgTHNHGF5tyWKYyR8w==
-
 html-minifier@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/html-minifier/-/html-minifier-4.0.0.tgz#cca9aad8bce1175e02e17a8c33e46d8988889f56"
@@ -4105,11 +4082,6 @@ rimraf@^3.0.2:
   dependencies:
     glob "^7.1.3"
 
-rndm@1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/rndm/-/rndm-1.2.0.tgz#f33fe9cfb52bbfd520aa18323bc65db110a1b76c"
-  integrity sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w=
-
 safe-buffer@5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
   version "5.1.2"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
@@ -4640,11 +4612,6 @@ tslib@^2.0.3, tslib@^2.2.0, tslib@^2.3.0:
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.1.tgz#e8a335add5ceae51aa261d32a490158ef042ef01"
   integrity sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==
 
-tsscmp@1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb"
-  integrity sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==
-
 tsse@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/tsse/-/tsse-2.0.0.tgz#757a1357473fecaffb5c70024acd179514779f64"