From 6c601e0b429ed738575eb2721bd47824917ead14 Mon Sep 17 00:00:00 2001
From: Mathis
Date: Thu, 25 Apr 2024 15:56:48 +0200
Subject: [PATCH] feat(app): add helmet for XSS protection

In order to improve security, we've added Helmet to the app to provide protection against cross-site scripting (XSS) attacks. This integration involves enabling the xss filter middleware through Helmet.

Issue: #3
Signed-off-by: Mathis
---
 src/app.ts | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/app.ts b/src/app.ts
index c16343d..eecabe9 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -2,6 +2,7 @@ import express, { type Express } from 'express';
 import cors from 'cors';
 import compression from 'compression';
 import {Logger} from "tslog";
+import helmet from "helmet";
 
 const logger = new Logger({ name: "App" });
 
@@ -12,6 +13,14 @@ const app: Express = express();
 app.use(cors());
 app.options('*', cors());
 
+// enable xss sanitizer
+app.use(
+ helmet({
+ xXssProtection: true,
+ }),
+);
+app.use(helmet.xXssProtection())
+
 // parse json request body
 app.use(express.json());
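Review bot: The block added in the second hunk is not an XSS sanitizer: in Helmet releases that accept the `xXssProtection` key, that middleware only sets the `X-XSS-Protection: 0` response header, which switches the legacy browser XSS auditor off, and Helmet does not filter request or response data. `helmet({ xXssProtection: true })` already sends that header together with the rest of Helmet's default headers (including Content-Security-Policy, the one that actually constrains script injection), so the following `app.use(helmet.xXssProtection())` is redundant. I would collapse the block to `app.use(helmet());` under a comment such as `// set Helmet's default security headers (CSP, HSTS, nosniff; X-XSS-Protection: 0)`, and rely on output encoding and input validation as the actual XSS defence. The middleware is also registered after `app.options('*', cors())`, so preflight responses answered by cors will probably not carry these headers; moving it above the cors lines would cover them. The diffstat lists only src/app.ts, so confirm that `helmet` is declared in package.json.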