| id | title | challengeType | videoUrl | localeTitle |
| --- | --- | --- | --- | --- |
| 587d8247367417b2b2512c37 | Hide Potentially Dangerous Information Using helmet.hidePoweredBy() | 2 | | 使用helmet.hidePoweredBy隐藏潜在的危险信息 |

Description

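As a reminder, this project is built on the following starter project on Glitch, or cloned from GitHub. If hackers see that your site is powered by Express, they can exploit known vulnerabilities in Express/Node. By default, Express sends the X-Powered-By: Express header in the response to every request. The helmet.hidePoweredBy() middleware removes the X-Powered-By header. You can also explicitly set the header to something else to throw people off, for example: app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))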
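What the middleware does to a response, shown as an added sketch that is not helmet's or freeCodeCamp's code. FakeResponse, expressInit, handle and leaksExpress are hypothetical names, the hidePoweredBy function here is a stand-in re-implementation, and leaksExpress applies the same condition as the challenge test.

```javascript
// Added illustration, not helmet's source. All names below are hypothetical
// stand-ins so the sketch runs without Express or helmet installed.
class FakeResponse {
  constructor() { this.headers = new Map(); }
  // HTTP header names are case-insensitive, so store them lower-cased.
  setHeader(name, value) { this.headers.set(name.toLowerCase(), String(value)); }
  getHeader(name) { return this.headers.get(name.toLowerCase()); }
  removeHeader(name) { this.headers.delete(name.toLowerCase()); }
}

// Emulates the Express default: the header is set before user middleware runs.
function expressInit(req, res, next) {
  res.setHeader('X-Powered-By', 'Express');
  next();
}

// Remove the header, or overwrite it when a setTo value is given.
function hidePoweredBy(options = {}) {
  return function (req, res, next) {
    if (options.setTo) res.setHeader('X-Powered-By', options.setTo);
    else res.removeHeader('X-Powered-By');
    next();
  };
}

// Run a middleware chain in order and return the headers that would be sent.
function handle(middlewares) {
  const res = new FakeResponse();
  let i = 0;
  const next = () => { if (i < middlewares.length) middlewares[i++]({}, res, next); };
  next();
  return Object.fromEntries(res.headers);
}

// Same condition as the challenge test: the header must not name Express.
function leaksExpress(headers) {
  return headers['x-powered-by'] === 'Express';
}

console.log(handle([expressInit]));                                        // default behaviour
console.log(handle([expressInit, hidePoweredBy()]));                       // header removed
console.log(handle([expressInit, hidePoweredBy({ setTo: 'PHP 4.2.0' })])); // header replaced
```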

Instructions

Tests

tests:
  - text: helmet.hidePoweredBy() middleware should be mounted correctly
    testString: 'getUserInput => $.get(getUserInput("url") + "/_api/app-info").then(data => { assert.include(data.appStack, "hidePoweredBy"); assert.notEqual(data.headers["x-powered-by"], "Express")}, xhr => { throw new Error(xhr.responseText); })'

Challenge Seed

Solution

// solution required