[guide] [english] Fill in stubs for helmet lessons (#34332)

* fill in stub for helmet lesson on noSniff()

* fill in stub for helmet lesson ieNoOpen()

* fill in helmet hsts() stub

* fill in stub for helmetjs lesson-DNS prefetching

* fill in stub for helmet lesson on noCache()

* fill in stub for helmetjs lesson on XSS

* fill in stub for helmet lesson 'parent'

* fill in stub for lesson on bcrypt

* fix type `is` to `it` on line 11

* fill in stub for bcrypt hash lesson

* fill in stub for bcrypt hash sync

* fill stub for helmet lessons overview

* fix spacing

* fix typo
Tom
2019-02-11 14:25:59 -06:00
committed by Christopher McCormack
parent 723ef28ad1
commit e74fcb2108
11 changed files with 101 additions and 35 deletions

@ -3,8 +3,14 @@ title: Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts()
--- ---
## Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts() ## Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts()
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - You want your `app` to `use` helmet's `hsts()` method.
- Don't forget to give the methed the appropriate `maxAge` and `force` configurations.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `myApp.js` file, create a variable to use for the `maxAge` configuration by adding `var ninetyDaysInMilliseconds = 90*24*60*60*1000;` under the seventh instructions.
- Then, on the next line add `app.use(helmet.hsts({ maxAge: ninetyDaysInMilliseconds, force: true }));`.
**Note:** Be sure to submit the link to the **live demo** of your project.
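Review bot: The solution bullets hardcode `maxAge` in milliseconds (`90*24*60*60*1000`) without saying which helmet version the boilerplate uses or which unit its `hsts()` expects. A value in milliseconds and one in seconds differ by a factor of 1000, so state the version or the unit next to the `var ninetyDaysInMilliseconds = ...` line. Also, `methed` in the second hint bullet should read `method`, and "under the seventh instructions" should be "under the seventh instruction".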

@ -3,8 +3,12 @@ title: Avoid Inferring the Response MIME Type with helmet.noSniff()
--- ---
## Avoid Inferring the Response MIME Type with helmet.noSniff() ## Avoid Inferring the Response MIME Type with helmet.noSniff()
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/avoid-inferring-the-response-mime-type-with-helmet.nosniff/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - You want your `app` to `use` helmet's `noSniff()` method on each request.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `myApp.js` file add `app.use(helmet.noSniff());` under the fifth instructions.
**Note:** Be sure to submit the link to the **live demo** of your project.
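Review bot: The solution bullet gives only the line to paste and never names the response header it produces, so a learner cannot confirm the result from the browser's network tab. Add that `helmet.noSniff()` sets `X-Content-Type-Options: nosniff`. "under the fifth instructions" should be singular, as the noCache lesson in this commit already has it.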

@ -3,8 +3,8 @@ title: Configure Helmet Using the parent helmet() Middleware
--- ---
## Configure Helmet Using the parent helmet() Middleware ## Configure Helmet Using the parent helmet() Middleware
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/configure-helmet-using-the-parent-helmet-middleware/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Solution
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - This lesson describes additional details on how to better use helmet and requires no modifications to the project to complete it.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> **Note:** Be sure to submit the link to the **live demo** of your project.
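Review bot: The new `### Solution` bullet says the lesson needs no project changes but does not say what the lesson covers, and this file gets no `### Hint` heading while the other lesson files in this commit get both. A one-line hint naming the parent `helmet()` middleware from the title would keep the files uniform.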

@ -3,8 +3,12 @@ title: Disable Client-Side Caching with helmet.noCache()
--- ---
## Disable Client-Side Caching with helmet.noCache() ## Disable Client-Side Caching with helmet.noCache()
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-client-side-caching-with-helmet.nocache/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - You want your `app` to `use` helmet's `noCache()` method.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `myApp.js` file, add `app.use(helmet.noCache());` under the ninth instruction.
**Note:** Be sure to submit the link to the **live demo** of your project.

@ -3,8 +3,12 @@ title: Disable DNS Prefetching with helmet.dnsPrefetchControl()
--- ---
## Disable DNS Prefetching with helmet.dnsPrefetchControl() ## Disable DNS Prefetching with helmet.dnsPrefetchControl()
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/disable-dns-prefetching-with-helmet.dnsprefetchcontrol/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - You want your `app` to `use` helmet's `dnsPrefetchControl()` method.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `myApp.js` file add `app.use(helmet.dnsPrefetchControl());` under the eighth instructions.
**Note:** Be sure to submit the link to the **live demo** of your project.

@ -3,8 +3,24 @@ title: Hash and Compare Passwords Asynchronously
--- ---
## Hash and Compare Passwords Asynchronously ## Hash and Compare Passwords Asynchronously
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-asynchronously/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - The code for this lesson goes between the `//START_ASYNC` and `//END_ASYNC` lines in your server file.
- Use bcrypt's `hash()` method to hash a `plain text password` with a specific number of `salt rounds`.
- Then use bcrypt's `compare()` method to compare a `plain text password` with the results from the hash.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `server.js` file, add:
```javascript
bcrypt.hash(myPlaintextPassword, saltRounds, (err, hash) => {
console.log(hash);
bcrypt.compare(myPlaintextPassword, hash, (err, res) => {
console.log(res);
});
});
```
between the `//START_ASYNC` and `//END_ASYNC` lines.
- Check the console to see the results from the methods.
**Note:** Be sure to submit the link to the **live demo** of your project.
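Review bot: Both callbacks in the fenced solution accept `err` and never look at it, so a failed `bcrypt.hash()` would log `undefined` and then hand that to `compare()`. Check it first, for example `if (err) return console.error(err);` at the top of each callback. The inner parameter `res` is easy to confuse with an Express response object in a server file; `result`, as the synchronous lesson uses, reads better, and the callback bodies should be indented.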

@ -3,8 +3,22 @@ title: Hash and Compare Passwords Synchronously
--- ---
## Hash and Compare Passwords Synchronously ## Hash and Compare Passwords Synchronously
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/hash-and-compare-passwords-synchronously/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - The code for this lesson goes between the `//START_SYNC` and `//END_SYNC` lines in your server file.
- Use bcrypt's `hashSync()` method to hash a `plain text password` with a specific number of `salt rounds`, and set the results to a variable.
- Then use bcrypt's `compareSync()` method to compare a `plain text password` against the variable.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `server.js` file, add:
```javascript
let hash = bcrypt.hashSync(myPlaintextPassword, saltRounds);
console.log(hash);
let result = bcrypt.compareSync(myPlaintextPassword, hash);
console.log(result);
```
between the `//START_SYNC` and `//END_SYNC` lines.
- Check the console to see the results from the methods.
**Note:** Be sure to submit the link to the **live demo** of your project.
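Review bot: `hash` and `result` in the fenced solution are never reassigned, so `const` fits better than `let` and matches the `const bcrypt = require('bcrypt');` line in the Understand BCrypt Hashes solution. Because the comparison uses the same `myPlaintextPassword` that was just hashed, the logged result is always `true`; a sentence saying so would tell learners what to expect in the console.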

@ -3,11 +3,12 @@ title: Information Security with HelmetJS
--- ---
## Information Security with HelmetJS ## Information Security with HelmetJS
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/mathematics/quadratic-equations/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. This set of lessons has two parts:
- The first part teaches how to introduce more security to your web site with helmetJS
- The second part teaches you how to encrypt passwords with bcrypt
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. Each part has it's own boilerplate project to get you started.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds -->
#### More Information: #### More Information:
<!-- Please add any articles you think might be helpful to read before writing the article --> [Helmet](https://helmetjs.github.io/)
[bcrypt](https://github.com/kelektiv/node.bcrypt.js#readme)
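Review bot: The second bullet says the lessons teach how to "encrypt passwords with bcrypt", but the lesson titles in this same commit say "Hash and Compare Passwords" and bcrypt produces a one-way hash, not ciphertext; change "encrypt" to "hash". Also, `it's own` should be `its own`.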

@ -3,8 +3,12 @@ title: Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()
--- ---
## Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen() ## Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - You want your `app` to `use` helmet's `ieNoOpen()` method on each request.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `myApp.js` file add `app.use(helmet.ieNoOpen());` under the sixth instructions.
**Note:** Be sure to submit the link to the **live demo** of your project.

@ -3,8 +3,13 @@ title: Set a Content Security Policy with helmet.contentSecurityPolicy()
--- ---
## Set a Content Security Policy with helmet.contentSecurityPolicy() ## Set a Content Security Policy with helmet.contentSecurityPolicy()
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/set-a-content-security-policy-with-helmet.contentsecuritypolicy/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. ### Hint
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. - You want your `app` to `use` helmet's `contentSecurityPolicy()` method.
- Be sure to give the `directives` object in the configuration a `defaultSrc` and `scriptSrc`.
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> ### Solution
- In the `myApp.js` file, add `app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"], scriptSrc: ["'self'", "trusted-cdn.com"] }} ))` under the tenth instruction.
**Note:** Be sure to submit the link to the **live demo** of your project.
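Review bot: The solution packs the whole `contentSecurityPolicy()` call into one inline code span that ends in `}} ))` with no semicolon, unlike the other `app.use(...)` lines in this commit. Put it in a fenced `javascript` block as the bcrypt lessons do, and say whether `trusted-cdn.com` is the literal value the lesson expects or a placeholder for a host the learner trusts.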

@ -3,8 +3,16 @@ title: Understand BCrypt Hashes
--- ---
## Understand BCrypt Hashes ## Understand BCrypt Hashes
This is a stub. <a href='https://github.com/freecodecamp/guides/tree/master/src/pages/certifications/information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes/index.md' target='_blank' rel='nofollow'>Help our community expand it</a>. **Starting with this lesson there is a new boilerplate project to clone on glitch.** So be sure to start by cloning that first!
<a href='https://github.com/freecodecamp/guides/blob/master/README.md' target='_blank' rel='nofollow'>This quick style guide will help ensure your pull request gets accepted</a>. ### Hint
<!-- The article goes here, in GitHub-flavored Markdown. Feel free to add YouTube videos, images, and CodePen/JSBin embeds --> - Add `bcrypt` to your project as a dependency.
- After you add it, you need to require it in the server file.
### Solution
- In the `package.json` file, click the `add package` button, search for `bcrypt`, and click it to add it to your project.
- Then, go in the `server.js` file, and require it by adding `const bcrypt = require('bcrypt');` near the top of the file by the rest of the dependencies.
**Note:** Be sure to submit the link to the **live demo** of your project.
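Review bot: The bold opening sentence tells learners to clone a new boilerplate project on glitch but gives no link or project name, so they have nothing to clone from; add the link there. In the second solution bullet, "go in the `server.js` file" reads better as "open the `server.js` file".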