Merge pull request sagarkarira#48 from XhmikosR/helmet

sagarkarira · web-flow · commit 02ec58e77fb3 · 2020-03-23T23:22:16.000+05:30
Add helmet
diff --git a/app.js b/app.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const helmet = require('helmet');
 const morgan = require('morgan');
 const chalk = require('chalk');
 
@@ -27,6 +28,22 @@ function errorHandler(error, res) {
 
 app.set('json escape', true);
 
+app.use(helmet({
+  dnsPrefetchControl: false,
+  frameguard: {
+    action: 'deny'
+  }
+}));
+
+app.use(helmet.hsts({
+  force: true,
+  includeSubDomains: true,
+  maxAge: 63072000, // 2 years
+  preload: true
+}));
+
+app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
+
 app.use(morgan(':remote-addr :remote-user :method :url :status :res[content-length] - :response-time ms'));
 app.use((req, res, next) => {
   res.setHeader('Cache-Control', 'no-cache');
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "country-code-lookup": "0.0.16",
     "emoji-flags": "^1.2.0",
     "express": "^4.17.1",
+    "helmet": "^3.21.3",
     "humanize-number": "0.0.2",
     "lodash": "^4.17.15",
     "moment": "^2.24.0",
