greatbody
/
freeCodeCamp
mirror of https://github.com/freeCodeCamp/freeCodeCamp.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
freeCodeCamp/curriculum/challenges/german/09-information-security/information-security-with-h.../configure-helmet-using-the-...

51 lines
1.6 KiB
Markdown
Raw Normal View History

chore: add untranslated english files (#48047)
2022-10-15 08:52:49 +00:00
---
id: 587d8249367417b2b2512c40
title: Configure Helmet Using the parent helmet() Middleware
challengeType: 2
forumTopicId: 301575
dashedName: configure-helmet-using-the-parent-helmet-middleware
---
# --description--
As a reminder, this project is being built upon the following starter project on <a href="https://replit.com/github/freeCodeCamp/boilerplate-infosec" target="_blank" rel="noopener noreferrer nofollow">Replit</a>, or cloned from <a href="https://github.com/freeCodeCamp/boilerplate-infosec/" target="_blank" rel="noopener noreferrer nofollow">GitHub</a>.
`app.use(helmet())` will automatically include all the middleware introduced above, except `noCache()`, and `contentSecurityPolicy()`, but these can be enabled if necessary. You can also disable or configure any other middleware individually, using a configuration object.
**Example:**
```js
app.use(helmet({
frameguard: { // configure
action: 'deny'
},
contentSecurityPolicy: { // enable and configure
directives: {
defaultSrc: ["'self'"],
styleSrc: ['style.com'],
}
},
dnsPrefetchControl: false // disable
}))
```
We introduced each middleware separately for teaching purposes and for ease of testing. Using the parent `helmet()` middleware is easy to implement in a real project.
# --hints--
no tests - it's a descriptive challenge
```js
assert(true);
```
# --solutions--
```js
/**
Backend challenges don't need solutions,
because they would need to be tested against a full working project.
Please check our contributing guidelines to learn more.
*/
```