fix: use best secure practices for response headers

agrc · Jun 11, 2024 · f102acc · f102acc
1 parent cfa389d
commit f102acc
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/index.js b/index.js
@@ -3,6 +3,7 @@ import cors from 'cors';
 import 'dotenv/config';
 import express from 'express';
 import fs from 'fs';
+import helmet from 'helmet';
 import { createProxyMiddleware, fixRequestBody } from 'http-proxy-middleware';
 import https from 'https';
 
@@ -16,6 +17,7 @@ if (!process.env.OPEN_QUAD_WORD) {
 
 let app = express();
 
+app.use(helmet());
 app.use(cors());
 
 // required for parsing submitted form data

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -30,6 +30,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
     "express": "^4.19.2",
+    "helmet": "^7.1.0",
     "http-proxy-middleware": "^3.0.0"
   },
   "devDependencies": {