Refined #287 based on latest HelmetJS changes

Author: grtjn

app/templates/node-server/node-app.js

@@ -13,7 +13,19 @@ var port = options.appPort;
 var environment = options.env;
 
 // Making this middle-tier slightly more secure: https://www.npmjs.com/package/helmet#how-it-works
-app.use(helmet());
+app.use(helmet({
+  csp: { // enable and configure
+    directives: {
+      defaultSrc: ['"self"']
+    },
+    setAllHeaders: true
+  },
+  dnsPrefetchControl: true, // just enable, with whatever defaults
+  xssFilter: { // enabled by default, but override defaults
+    setOnOldIE: true
+  },
+  noCache: false // make sure it is disabled
+}));
 
 app.use(expressSession({
   name: '@sample-app-name',

app/templates/package.json

@@ -5,7 +5,7 @@
     "body-parser": "^1.14.0",
     "express": "^4.4.1",
     "express-session": "^1.5.0",
-    "helmet": "^1.1.0",
+    "helmet": "^2.0.0",
     "morgan": "^1.6.0"
   },
   "devDependencies": {