Files

KowalewskiPawel 057eb0cf2a fix(curriculum): Typo correction in defaultSrc: ["'self'"] (#42220 )

Missing a single quote resulting may be misleading for some of the students.

2021-05-25 23:18:08 +04:00

1.5 KiB

Raw Blame History

id, title, challengeType, forumTopicId, dashedName

id	title	challengeType	forumTopicId	dashedName
587d8249367417b2b2512c40	Configure Helmet Using the ‘parent’ helmet() Middleware	2	301575	configure-helmet-using-the-parent-helmet-middleware

--description--

As a reminder, this project is being built upon the following starter project on Replit, or cloned from GitHub.

app.use(helmet()) will automatically include all the middleware introduced above, except noCache(), and contentSecurityPolicy(), but these can be enabled if necessary. You can also disable or configure any other middleware individually, using a configuration object.

Example:

app.use(helmet({
  frameguard: {         // configure
    action: 'deny'
  },
  contentSecurityPolicy: {    // enable and configure
    directives: {
      defaultSrc: ["'self'"],
      styleSrc: ['style.com'],
    }
  },
  dnsPrefetchControl: false     // disable
}))

We introduced each middleware separately for teaching purposes and for ease of testing. Using the ‘parent’ helmet() middleware is easy to implement in a real project.

--hints--

no tests - it's a descriptive challenge

assert(true);

--solutions--

/**
  Backend challenges don't need solutions, 
  because they would need to be tested against a full working project. 
  Please check our contributing guidelines to learn more.
*/

1.5 KiB Raw Blame History Unescape Escape

--description--

--hints--

--solutions--

1.5 KiB

Raw Blame History