-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: nodejs: remove helmet #535
Conversation
PR Reviewer Guide 🔍(Review updated until commit 01e022f)
|
CI Failure Feedback 🧐(Checks updated until commit 4021fee)
✨ CI feedback usage guide:The CI feedback tool (
In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:
where Configuration options
See more information about the |
User description
Headers added by helmet are mostly to prevent clickjacking attacks and similar and those are not relevant on an API that has nothing to click on.
PR Type
Bug fix, Dependencies
Description
helmet
middleware from the application as it is not relevant for an API.body-parser
middleware and replaced it withexpress.json()
.x-powered-by
header and disabled ETag for better security and performance.helmet
andbody-parser
dependencies frompackage.json
andpnpm-lock.yaml
.ws
dependency to version 8.17.1 inpnpm-lock.yaml
.Changes walkthrough 📝
app.ts
Remove
helmet
andbody-parser
middlewares, update express settings.src/app.ts
helmet
middleware.body-parser
middleware.express.json()
middleware.x-powered-by
header and disabled ETag.package.json
Remove `helmet` and `body-parser` dependencies, add `ws` dependency.
package.json
helmet
andbody-parser
dependencies.ws
dependency with version constraint.pnpm-lock.yaml
Update lock file to reflect dependency changes.
pnpm-lock.yaml
helmet
andbody-parser
dependencies.ws
dependency to version 8.17.1.