Skip to content
This repository has been archived by the owner on Aug 30, 2021. It is now read-only.

Commit

Permalink
move helmet and express.static before sessions for performance
Browse files Browse the repository at this point in the history
  • Loading branch information
@bmonty
bmonty committed Dec 26, 2014
1 parent a0d8b13 commit ca009b9
Showing 1 changed file with 11 additions and 11 deletions.
22 changes: 11 additions & 11 deletions config/express.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,16 @@ module.exports = function(db) {
app.use(bodyParser.json());
app.use(methodOverride());

// Use helmet to secure Express headers
app.use(helmet.xframe());
app.use(helmet.xssFilter());
app.use(helmet.nosniff());
app.use(helmet.ienoopen());
app.disable('x-powered-by');

// Setting the app router and static folder
app.use(express.static(path.resolve('./public')));

// CookieParser should be above session
app.use(cookieParser());

Expand All @@ -106,16 +116,6 @@ module.exports = function(db) {
// connect flash for flash messages
app.use(flash());

// Use helmet to secure Express headers
app.use(helmet.xframe());
app.use(helmet.xssFilter());
app.use(helmet.nosniff());
app.use(helmet.ienoopen());
app.disable('x-powered-by');

// Setting the app router and static folder
app.use(express.static(path.resolve('./public')));

// Globbing routing files
config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) {
require(path.resolve(routePath))(app);
Expand Down Expand Up @@ -160,4 +160,4 @@ module.exports = function(db) {

// Return Express server instance
return app;
};
};

0 comments on commit ca009b9

Please sign in to comment.