freeCodeCamp/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/hide-potentially-dangerous-information-using-helmet.hidepoweredby.md
GM Fuster 3b056aa7b4 chore(replit): use correct brand name across codebase (#41941)
* replace repl.it with replit.com in the English version

Replace repl.it with replit.com in the English version.  Chinese and Spanish versions have the same issue.

* Updated the repl.it to replit.com or Replit

I changed the text from replit.com to Replit and added the changes to the files outside the curriculum folder.

* Forgot removing one .com.

There was one Replit.com that I missed when I reviewed the files.

* Resolve conflicts

I got an unable to auto merge so resolving conflicts and trying again.

* try committing conflicts again

* Trying the conflicts again

* chore: fix typo in personal library

Co-authored-by: Shaun Hamilton <51722130+ShaunSHamilton@users.noreply.github.com>

Co-authored-by: gemmaf98 <44875585+gemmaf98@users.noreply.github.com>
Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>
Co-authored-by: Shaun Hamilton <51722130+ShaunSHamilton@users.noreply.github.com>
2021-04-29 11:13:38 +01:00


| id | title | challengeType | forumTopicId | dashedName |
| --- | --- | --- | --- | --- |
| 587d8247367417b2b2512c37 | Hide Potentially Dangerous Information Using helmet.hidePoweredBy() | 2 | 301580 | hide-potentially-dangerous-information-using-helmet-hidepoweredby |

--description--

As a reminder, this project is being built upon the following starter project on Replit, or cloned from GitHub.

Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express. By default, Express sends the `X-Powered-By: Express` header in every response. Use the `helmet.hidePoweredBy()` middleware to remove the `X-Powered-By` header.
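The mechanism described above, as an added example that is not part of the freeCodeCamp challenge or its starter project. It uses only Node's built-in `http` module: `expressDefault`, the local `hidePoweredBy`, `route`, `runStack` and `headerAfter` are stand-ins assumed here to model Express's default header, the helmet middleware and a route handler, and to show why mount order matters.

```javascript
// Added example: built-in modules only. Express and helmet are NOT loaded;
// the functions below are labelled stand-ins for their behaviour.
const http = require('http');

// Stand-in for Express's default: stamp the response with the framework name.
function expressDefault(req, res, next) {
  res.setHeader('X-Powered-By', 'Express');
  next();
}

// Stand-in for helmet.hidePoweredBy(): strip the header, then continue.
function hidePoweredBy(req, res, next) {
  res.removeHeader('X-Powered-By');
  next();
}

// Stand-in for a route handler: it answers the request and never calls next(),
// so any middleware mounted after it does not run for this response.
function route(req, res) {
  res.statusCode = 200;
}

// Run a connect-style middleware stack against one fresh response object.
function runStack(stack) {
  const req = { method: 'GET', httpVersionMajor: 1, httpVersionMinor: 1 };
  const res = new http.ServerResponse(req);
  let i = 0;
  const next = () => {
    const mw = stack[i++];
    if (mw) mw(req, res, next);
  };
  next();
  return res;
}

// Audit check: the disclosed framework, or null when the header is absent.
function headerAfter(stack) {
  const value = runStack(stack).getHeader('x-powered-by'); // case-insensitive
  return value === undefined ? null : String(value);
}

console.log({
  defaultApp: headerAfter([expressDefault]),
  mountedFirst: headerAfter([expressDefault, hidePoweredBy, route]),
  mountedAfterRoute: headerAfter([expressDefault, route, hidePoweredBy]),
});
```

In the real project the equivalent is mounting `helmet.hidePoweredBy()` with `app.use()` before the routes are defined.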

--hints--

helmet.hidePoweredBy() middleware should be mounted correctly

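```js
(getUserInput) =>
  $.get(getUserInput('url') + '/_api/app-info').then(
    (data) => {
      // The middleware must appear in the app's mounted stack...
      assert.include(data.appStack, 'hidePoweredBy');
      // ...and the response must no longer advertise Express.
      assert.notEqual(data.headers['x-powered-by'], 'Express');
    },
    (xhr) => {
      // Surface the server's error body if the request itself failed.
      throw new Error(xhr.responseText);
    }
  );
```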

--solutions--

```js
/**
  Backend challenges don't need solutions,
  because they would need to be tested against a full working project.
  Please check our contributing guidelines to learn more.
*/
```