Add helmetjs for security

2014-12-03 23:32:33 +00:00 · 2014-12-03 23:32:33 +00:00 · 9210a94163
commit 9210a94163
parent acb129899d
2 changed files with 12 additions and 0 deletions
--- a/app.js
+++ b/app.js
@ -1,5 +1,6 @@
 "use strict";
 var express = require('express');
 var helmet = require('helmet');
 var path = require('path');
 var favicon = require('serve-favicon');
 var logger = require('morgan');
@ -18,6 +19,7 @@ app.set('view engine', 'ejs');
 // uncomment after placing your favicon in /public
 //app.use(favicon(__dirname + '/public/favicon.ico'));
 app.use(helmet());
 app.use(logger('dev'));
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
@ -30,6 +32,15 @@ app.use(session({
 app.use(flash());
 app.use(express.static(path.join(__dirname, 'public')));
 // force SSL
 app.get('*', function(req,res,next) {
  if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] != 'https') {
    res.redirect(req.headers['host'] + req.url);
  } else {
    next();
  }
 });
 app.use('/', routes);
 // catch 404 and forward to error handler
--- a/package.json
+++ b/package.json
@ -17,6 +17,7 @@
    "ejs": "~0.8.5",
    "express": "~4.9.0",
    "express-session": "^1.9.2",
    "helmet": "^0.5.2",
    "morgan": "~1.3.0",
    "playmusic": "^1.1.0",
    "rdio": "^1.5.2",