42 lines
1.4 KiB
Markdown
42 lines
1.4 KiB
Markdown
|
---
|
||
|
id: 587d8247367417b2b2512c37
|
||
|
title: Hide Potentially Dangerous Information Using helmet.hidePoweredBy()
|
||
|
challengeType: 2
|
||
|
---
|
||
|
|
||
|
## Description
|
||
|
<section id='description'>
|
||
|
As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.
|
||
|
Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express. X-Powered-By: Express is sent in every request coming from Express by default. The helmet.hidePoweredBy() middleware will remove the X-Powered-By header. You can also explicitly set the header to something else, to throw people off. e.g. app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))
|
||
|
</section>
|
||
|
|
||
|
## Instructions
|
||
|
<section id='instructions'>
|
||
|
|
||
|
</section>
|
||
|
|
||
|
## Tests
|
||
|
<section id='tests'>
|
||
|
|
||
|
```yml
|
||
|
tests:
|
||
|
- text: helmet.hidePoweredBy() middleware should be mounted correctly
|
||
|
testString: 'getUserInput => $.get(getUserInput(''url'') + ''/_api/app-info'').then(data => { assert.include(data.appStack, ''hidePoweredBy''); assert.notEqual(data.headers[''x-powered-by''], ''Express'')}, xhr => { throw new Error(xhr.responseText); })'
|
||
|
|
||
|
```
|
||
|
|
||
|
</section>
|
||
|
|
||
|
## Challenge Seed
|
||
|
<section id='challengeSeed'>
|
||
|
|
||
|
</section>
|
||
|
|
||
|
## Solution
|
||
|
<section id='solution'>
|
||
|
|
||
|
```js
|
||
|
// solution required
|
||
|
```
|
||
|
</section>
|