
Commit 99137b8

Merge pull request #110 from Real-Dev-Squad/feature/security-headers
Remove unneeded response headers
2 parents de51d41 + fe3033f commit 99137b8


2 files changed

+16
-1
lines changed


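--- a/middlewares/index.js
+++ b/middlewares/index.js
@@ -16,19 +16,33 @@ const middleware = (app) => {
 // Middleware for sending error responses with express response object. To be required above all middlewares
 app.use(boom())
 
+// Initialise logging middleware
 app.use(morgan('combined', { stream: logger.stream }))
 
 // Request parsing middlewares
 app.use(express.json())
 app.use(express.urlencoded({ extended: false }))
 app.use(cookieParser())
-app.use(helmet())
+
+// Middleware to add security headers. Few headers have been disabled as it does not serve any purpose for the API.
+app.use(
+helmet({
+contentSecurityPolicy: false,
+dnsPrefetchControl: false,
+ieNoOpen: false,
+referrerPolicy: false,
+xssFilter: false
+})
+)
+
 app.use(cors({
 origin: config.get('cors.allowedOrigins'),
 credentials: true,
 optionsSuccessStatus: 200
 }))
 app.use(contentTypeCheck)
+
+// Initialise authentication middleware
 app.use(passport.initialize())
 
 // Enable Swagger API docs in non-production environments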
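Review bot: The `app.use(helmet({...}))` block is still registered after `express.json()`, `express.urlencoded()` and `cookieParser()`, so a request that a body parser rejects (for example malformed JSON) goes straight to the error handler without passing through helmet. That response then carries none of the headers helmet still sets, and presumably keeps `X-Powered-By` as well. Moving the helmet block above `app.use(express.json())` would cover those error responses too. Separately, `contentSecurityPolicy: false` and `referrerPolicy: false` apply to every route, including the Swagger docs named in the trailing context, which likely serve HTML; the comment could record that assumption, e.g. `// CSP and Referrer-Policy are off because responses are JSON; revisit if any route serves HTML (e.g. the Swagger docs)`. The enclosing `middleware` function starts and ends outside this hunk.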

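--- a/middlewares/responseHeaders.js
+++ b/middlewares/responseHeaders.js
@@ -1,6 +1,7 @@
 /**
 * Middleware to attach Cache header.
 * https://support.cloudflare.com/hc/en-us/articles/200172516-Understanding-Cloudflare-s-CDN
+* @todo: Remove the middleware for all routes and modify cache max-age of each route individually as per required
 *
 * @param {object} req - Express request object
 * @param {object} res - Express response object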
