added Helmet middleware for security

bill bittner 2017-09-15 11:09:21 -07:00
parent 283338b719
commit 866bfda293
2 changed files with 3 additions and 2 deletions


@ -32,6 +32,7 @@
"connect-multiparty": "^2.0.0", "connect-multiparty": "^2.0.0",
"express": "^4.15.2", "express": "^4.15.2",
"express-handlebars": "^3.0.0", "express-handlebars": "^3.0.0",
"helmet": "^3.8.1",
"mysql2": "^1.3.5", "mysql2": "^1.3.5",
"nodemon": "^1.11.0", "nodemon": "^1.11.0",
"sequelize": "^4.1.0", "sequelize": "^4.1.0",


@ -7,7 +7,7 @@ const Handlebars = require('handlebars');
const config = require('config'); const config = require('config');
const logger = require('winston'); const logger = require('winston');
const { getDownloadDirectory } = require('./helpers/lbryApi'); const { getDownloadDirectory } = require('./helpers/lbryApi');
const helmet = require('helmet');
const PORT = 3000; // set port const PORT = 3000; // set port
const app = express(); // create an Express application const app = express(); // create an Express application
const db = require('./models'); // require our models for syncing const db = require('./models'); // require our models for syncing
@ -20,7 +20,7 @@ require('./config/slackLoggerConfig.js')(logger);
// trust the proxy to get ip address for us // trust the proxy to get ip address for us
app.enable('trust proxy'); app.enable('trust proxy');
// add middleware // add middleware
app.use(express.static(`${__dirname}/public`)); // 'express.static' to serve static files from public directory app.use(helmet()); // set HTTP headers to protect against well-known web vulnerabilties
app.use(express.static(`${__dirname}/public`)); // 'express.static' to serve static files from public directory app.use(express.static(`${__dirname}/public`)); // 'express.static' to serve static files from public directory
app.use(bodyParser.json()); // 'body parser' for parsing application/json app.use(bodyParser.json()); // 'body parser' for parsing application/json
app.use(bodyParser.urlencoded({ extended: true })); // 'body parser' for parsing application/x-www-form-urlencoded app.use(bodyParser.urlencoded({ extended: true })); // 'body parser' for parsing application/x-www-form-urlencoded
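Review bot: `helmet()` is called with no options on the new `app.use(helmet());` line, and in the 3.x range added to the dependency list the default set does not include a Content-Security-Policy, so the Handlebars views this app appears to render get no script-source restrictions from this change. If that protection is wanted, add it explicitly right after this line, e.g. `app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"] } }));`, widening the directives to the origins the views actually load from. The default Strict-Transport-Security header is only honoured by browsers over HTTPS, so confirm that the proxy trusted via `app.enable('trust proxy')` terminates TLS. Registering helmet ahead of `express.static` is the right order, since static responses then carry the headers (including `X-Content-Type-Options: nosniff`) too. The trailing comment on the new line misspells "vulnerabilities".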