WorkSimplon/brief-05-back
2
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

feat(app): add helmet for XSS protection

Browse Source 
In order to improve security, we've added Helmet to the app to provide protection against cross-site scripting (XSS) attacks. This integration involves enabling the xss filter middleware through Helmet.

Issue: #3
Signed-off-by: Mathis <yidhra@tuta.io>
This commit is contained in:
Mathis H (Avnyr) 2024-04-25 15:56:48 +02:00
parent 3ee76fb965
commit 6c601e0b42
Signed by: Mathis
GPG Key ID: DD9E0666A747D126
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/app.ts
View File

@ -2,6 +2,7 @@ import express, { type Express } from 'express';
import cors from 'cors'; import cors from 'cors';
import compression from 'compression'; import compression from 'compression';
import {Logger} from "tslog"; import {Logger} from "tslog";
import helmet from "helmet";
const logger = new Logger({ name: "App" }); const logger = new Logger({ name: "App" });
@ -12,6 +13,14 @@ const app: Express = express();
app.use(cors()); app.use(cors());
app.options('*', cors()); app.options('*', cors());
// enable xss sanitizer
app.use(
helmet({
xXssProtection: true,
}),
);
app.use(helmet.xXssProtection())
// parse json request body // parse json request body
app.use(express.json()); app.use(express.json());