docs: Remove wording that implies is Shield is added by default

arcjet · May 21, 2024 · d7ea5bd · d7ea5bd
1 parent 9800186
commit d7ea5bd
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 23 deletions.
diff --git a/arcjet-bun/README.md b/arcjet-bun/README.md
@@ -75,8 +75,8 @@ export default {
 ## Shield example
 
 [Arcjet Shield][shield-concepts-docs] protects your application against common
-attacks, including the OWASP Top 10. It’s enabled by default and runs on every
-request with negligible performance impact.
+attacks, including the OWASP Top 10. You can run Shield on every request with
+negligible performance impact.
 
 ```ts
 import arcjet, { shield } from "@arcjet/bun";

diff --git a/arcjet-next/README.md b/arcjet-next/README.md
@@ -86,31 +86,32 @@ export async function GET(req: Request) {
 ## Shield example
 
 [Arcjet Shield](https://docs.arcjet.com/shield/concepts) protects your
-application against common attacks, including the OWASP Top 10. It’s enabled by
-default and runs on every request with negligible performance impact.
+application against common attacks, including the OWASP Top 10. You can run
+Shield on every request with negligible performance impact.
 
 See the [Arcjet Shield
 documentation](https://docs.arcjet.com/shield/quick-start/nextjs) for details.
 
 ```ts
-import arcjet from "@arcjet/next";
+import arcjet, { shield } from "@arcjet/next";
 import { NextResponse } from "next/server";
 
 const aj = arcjet({
-  // Get your site key from https://app.arcjet.com
-  // and set it as an environment variable rather than hard coding.
-  // See: https://nextjs.org/docs/app/building-your-application/configuring/environment-variables
-  key: process.env.ARCJET_KEY,
-  rules: [], // Shield requires no rule configuration
+  key: process.env.ARCJET_KEY, // Get your site key from https://app.arcjet.com
+  rules: [
+    shield({
+      mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
+    }),
+  ],
 });
 
 export async function GET(req: Request) {
   const decision = await aj.protect(req);
 
   if (decision.isDenied()) {
     return NextResponse.json(
-      { error: "Too Many Requests", reason: decision.reason },
-      { status: 429 },
+      { error: "Forbidden", reason: decision.reason },
+      { status: 403 },
     );
   }
 

diff --git a/arcjet-node/README.md b/arcjet-node/README.md
@@ -82,19 +82,20 @@ server.listen(8000);
 ## Shield example
 
 [Arcjet Shield][shield-concepts-docs] protects your application against common
-attacks, including the OWASP Top 10. It’s enabled by default and runs on every
-request with negligible performance impact.
+attacks, including the OWASP Top 10. You can run Shield on every request with
+negligible performance impact.
 
 ```ts
-import arcjet from "@arcjet/node";
+import arcjet, { shield } from "@arcjet/node";
 import http from "node:http";
 
 const aj = arcjet({
-  // Get your site key from https://app.arcjet.com
-  // and set it as an environment variable rather than hard coding.
-  // See: https://nextjs.org/docs/app/building-your-application/configuring/environment-variables
-  key: process.env.ARCJET_KEY,
-  rules: [], // Shield requires no rule configuration
+  key: process.env.ARCJET_KEY!, // Get your site key from https://app.arcjet.com
+  rules: [
+    shield({
+      mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
+    }),
+  ],
 });
 
 const server = http.createServer(async function (

diff --git a/arcjet-sveltekit/README.md b/arcjet-sveltekit/README.md
@@ -72,8 +72,8 @@ export async function load(event: RequestEvent) {
 ## Shield example
 
 [Arcjet Shield][shield-concepts-docs] protects your application against common
-attacks, including the OWASP Top 10. It’s enabled by default and runs on every
-request with negligible performance impact.
+attacks, including the OWASP Top 10. You can run Shield on every request with
+negligible performance impact.
 
 ```ts
 // In your `hooks.server.ts` file

diff --git a/examples/sveltekit/README.md b/examples/sveltekit/README.md
@@ -42,7 +42,7 @@ This example shows how to use Arcjet to protect [SvelteKit](https://kit.svelte.d
 
 ## How it works
 
-The `arcjet` instance is created in the server-only module `/src/lib/server/arcjet.ts` and is configured to enable [Shield](https://docs.arcjet.com/shield) by default.
+The `arcjet` instance is created in the server-only module `/src/lib/server/arcjet.ts` and is configured to enable [Shield](https://docs.arcjet.com/shield).
 
 `/src/hooks.server.ts` imports the `arcjet` instance and runs the `protect()` method on all requests. The only exception is any requests who's pathanme is listed in `filteredRoutes`, in which case protection is left to that route's server code.