HTTP Security Headers in Wappler (NodeJS)

Hi,
I would like to know what the best practice is / how you add the following HTTP security headers in Wappler for your site / app (with NodeJS):

  1. HTTP Strict Transport Security (HSTS)
  2. Content Security Policy (CSP)
  3. Cross Site Scripting Protection (X-XSS)
  4. X-Frame-Options
  5. X-Content-Type-Options

Hi,

Did you get an answer for this? I’d also like to know how to add these response headers.

Thanks
Allan

Nope (

Hi @patrick,

How do we add these security headers to a NodeJS app? I’ve run scans on various web security checking sites and they all report these headers missing, with a strong advisory to include them.

Thanks,
Allan

NodeJS normally runs behind a reverse proxy. The reverse proxy provides the support for HTTPS and can also be configured to add extra headers to the responses.

Any progress on this?

A simple set of KV pairs that can be sent with each response should do it.

Is there a reason not to include it?

You can add the helmet middleware for the security headers:

exports.handler = function(app) {
  const helmet = require("helmet")
  app.use(helmet());
}

Don’t forget to install the helmet module:

npm i helmet

For the helmet options see:

helmetjs/helmet: Help secure Express apps with various HTTP headers (github.com)

Documentation for extending express in Server Connect:

Extending express (NodeJS) - Docs / Wappler Extensibility - Wappler Community