add hpp to address express vulnerability

2015-06-04 19:30:27 -07:00
parent 208f4ea18f
commit 875d09c29b
2 changed files with 3 additions and 0 deletions
--- a/package.json
+++ b/package.json
@ -53,6 +53,7 @@
    "gulp-minify-css": "~0.5.1",
    "helmet": "~0.9.0",
    "helmet-csp": "^0.2.3",
+    "hpp": "^0.2.0",
    "jade": "~1.8.0",
    "less": "~1.7.5",
    "less-middleware": "~2.0.1",
--- a/server/server.js
+++ b/server/server.js
@ -27,6 +27,7 @@ var R = require('ramda'),
    expressValidator = require('express-validator'),
    forceDomain = require('forcedomain'),
    lessMiddleware = require('less-middleware'),
+    hpp = require('hpp'),

    passportProviders = require('./passport-providers'),
    /**
@ -59,6 +60,7 @@ app.use(lessMiddleware(path.join(__dirname, '/public')));
 app.use(logger('dev'));
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: true }));
+app.use(hpp());
 app.use(expressValidator({
  customValidators: {
    matchRegex: function (param, regex) {