gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
95aacb6c025a5234c5d517adc4267a64595d91e9
freeCodeCamp/curriculum/challenges/english/06-information-security-and-quality-assurance/information-security-with-helmetjs/hide-potentially-dangerous-information-using-helmet.hidepoweredby.english.md
Jonathan Neidel 95aacb6c02 Update challenge descriptions with code tags (#35539) 
* Update challenge descriptions with code tags

Updates multiple challanges in the category: Information Security with
HelmetJS

* Fix(wording): security with helmetjs

Co-Authored-By: jneidel <github@jneidel.com>
2019-03-10 08:21:12 -07:00

1.4 KiB
Raw Blame History

id, title, challengeType
id title challengeType
587d8247367417b2b2512c37 Hide Potentially Dangerous Information Using helmet.hidePoweredBy() 2

Description

As a reminder, this project is being built upon the following starter project on Glitch, or cloned from GitHub. Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express. X-Powered-By: Express is sent in every request coming from Express by default. The helmet.hidePoweredBy() middleware will remove the X-Powered-By header. You can also explicitly set the header to something else, to throw people off. e.g. app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))

Instructions

Tests

tests:
  - text: helmet.hidePoweredBy() middleware should be mounted correctly
    testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'hidePoweredBy'); assert.notEqual(data.headers['x-powered-by'], 'Express')}, xhr => { throw new Error(xhr.responseText); })

Challenge Seed

Solution

// solution required