// Parse JSON request bodies before any override or route middleware sees them.
app.use(bodyParser.json());
// Maximum zlib effort (level 9) on every compressible response.
app.use(compression({ level: 9 }));
// Lets a client tunnel PUT/DELETE through another verb; mounted before routing so
// routes see the final method. Keep that in mind for any method-based access rules.
app.use(methodOverride());
// Cookies must be parsed before any session middleware reads them.
app.use(cookieParser());
// Flash messages are not mounted in this app.
// Helmet response headers. Note that helmet's frame guard is NOT mounted here;
// the CORS middleware below sets X-Frame-Options itself.
app.use(helmet.xssFilter());
app.use(helmet.nosniff());
app.use(helmet.ienoopen());
// Do not advertise Express in the X-Powered-By header.
app.disable('x-powered-by');
// Wide-open CORS plus a preflight short-circuit.
// NOTE(review): Access-Control-Allow-Origin "*" lets any web origin read these responses, so this is
// only appropriate for public endpoints that never rely on cookies or other ambient credentials.
// NOTE(review): "ALLOWALL" is not a value defined for X-Frame-Options (DENY / SAMEORIGIN / ALLOW-FROM);
// browsers ignore an unrecognised value, so the practical effect is that framing is permitted.
app.use(function (req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
  res.header('Access-Control-Allow-Headers', 'x-openrtb-version,Content-Type,*');
  res.header('X-Frame-Options', 'ALLOWALL');
  // Anything other than a preflight continues down the chain.
  if (req.method !== 'OPTIONS') {
    return next();
  }
  // Preflight: answer with an empty 204 instead of running a route.
  console.log("INFO: Browser send OPTIONS request.");
  res.statusCode = 204;
  return res.end();
});
// Debug namespaces: "server" always, "dev" only outside production.
debug.enable(NODE_ENV === 'production' ? 'server' : 'dev,server');
// Express middlewares: X-Response-Time header and "tiny" access logging.
server.use(require('response-time')());
server.use(require('morgan')('tiny'));
// Helmet security headers (frame guard, legacy XSS filter, nosniff, IE noopen),
// then hide the Express banner.
[helmet.xframe(), helmet.xssFilter(), helmet.nosniff(), helmet.ienoopen()].forEach(function (guard) {
  server.use(guard);
});
server.disable('x-powered-by');
// JSON request bodies.
server.use(require('body-parser').json());
// Compression has to be mounted before express.static so static files are compressed as well.
server.use(require('compression')({
  // Compress only text-like content types. A response with no Content-Type is not
  // compressed either: the regex is tested against the coerced string "undefined".
  filter: function (req, res) {
    var contentType = res.getHeader('Content-Type');
    return /json|text|javascript|css/.test(contentType);
  },
  // zlib level 3: cheaper on CPU than the default while still giving a reasonable ratio.
  level: 3
}));
collection: config.sessionCollection
})
}));
// Passport: initialise and restore login state from the session mounted above.
app.use(passport.initialize());
app.use(passport.session());
// Session-backed flash messages.
app.use(flash());
// Helmet security headers: frame guard, legacy XSS filter, no MIME sniffing, IE download no-open.
app.use(helmet.xframe());
app.use(helmet.xssFilter());
app.use(helmet.nosniff());
app.use(helmet.ienoopen());
// Do not advertise Express in X-Powered-By.
app.disable('x-powered-by');
// Static assets come from ./public, resolved against the process working directory.
app.use(express.static(path.resolve('./public')));
// Every file matching ./app/routes/**/*.js is loaded and called with the app to register its routes.
config.getGlobbedFiles('./app/routes/**/*.js').forEach(function (routePath) {
  var registerRoutes = require(path.resolve(routePath));
  registerRoutes(app);
});
// Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc.
app.use(function(err, req, res, next) {
// If the error object doesn't exists
if (!err) return next();
// Log it
/**
 * Mounts helmet's header middlewares (frame guard, legacy XSS filter, nosniff,
 * IE noopen) on an Express app and hides the X-Powered-By banner.
 * @param {object} app - Express application to harden
 */
function initHelmetHeaders(app) {
  var guards = [helmet.xframe(), helmet.xssFilter(), helmet.nosniff(), helmet.ienoopen()];
  guards.forEach(function (guard) {
    app.use(guard);
  });
  app.disable('x-powered-by');
}
}
next(); // otherwise continue
});
/** Passport: initialise and restore session-backed login state. */
app.use(passport.initialize());
app.use(passport.session());
/** Flash messages via the project's own middleware (core/middleware/flash-plugin.js under __base). */
app.use(require(__base + 'core/middleware/flash-plugin.js'));
/** Helmet security headers (frame guard, legacy XSS filter, nosniff, IE noopen), then hide the Express banner. */
[helmet.xframe(), helmet.xssFilter(), helmet.nosniff(), helmet.ienoopen()].forEach(function (guard) {
  app.use(guard);
});
app.disable('x-powered-by');
/**
 * Expose request-derived values to templates through res.locals:
 *   url    - absolute URL of the current request
 *   path   - scheme + host only
 *   route  - the raw request path (including query string)
 *   __user - the authenticated user, only when passport has set req.user
 * NOTE(review): url and path are built from the client-supplied Host header. If templates
 * put them into emailed links or redirects, the host should be validated against an
 * allow-list upstream (host-header injection).
 */
app.use(function (req, res, next) {
  var origin = req.protocol + '://' + req.headers.host;
  res.locals.path = origin;
  res.locals.url = origin + req.url;
  res.locals.route = req.url;
  if (req.user) {
    res.locals.__user = req.user;
  }
  next();
});
/** Store module status (active|unactive) in Redis */
/**
 * Registers helmet's security-header middlewares (frame guard, legacy XSS filter,
 * nosniff, IE noopen, HSTS) on an Express app and hides the X-Powered-By banner.
 * @param {object} app - Express application to harden
 */
module.exports.initHelmetHeaders = function (app) {
  // Six months in milliseconds, which is presumably the unit this helmet API expects.
  // NOTE(review): newer helmet releases take hsts maxAge in seconds; if helmet is upgraded
  // this literal would mean roughly 500 years, so re-check the unit against the installed version.
  var SIX_MONTHS = 15778476000;
  [helmet.xframe(), helmet.xssFilter(), helmet.nosniff(), helmet.ienoopen()].forEach(function (guard) {
    app.use(guard);
  });
  // HSTS for the host and all subdomains. force:true presumably sends the header even when
  // the request itself did not arrive over TLS (e.g. behind a TLS-terminating proxy) - confirm.
  app.use(helmet.hsts({
    maxAge: SIX_MONTHS,
    includeSubdomains: true,
    force: true
  }));
  app.disable('x-powered-by');
};
collection: config.sessionCollection
})
}));
// Passport: initialise and restore login state from the session mounted above.
app.use(passport.initialize());
app.use(passport.session());
// Session-backed flash messages.
app.use(flash());
// Helmet security headers (frame guard, legacy XSS filter, nosniff, IE noopen),
// then stop advertising Express in X-Powered-By.
[helmet.xframe(), helmet.xssFilter(), helmet.nosniff(), helmet.ienoopen()].forEach(function (guard) {
  app.use(guard);
});
app.disable('x-powered-by');
// Static assets come from ./public, resolved against the process working directory.
app.use(express.static(path.resolve('./public')));
// Load every route module under ./app/routes and let it register its routes on the app.
config.getGlobbedFiles('./app/routes/**/*.js').forEach(function (routePath) {
  require(path.resolve(routePath))(app);
});
// Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc.
app.use(function(err, req, res, next) {
// If the error object doesn't exists
if (!err) return next();
// Log it
extended: true
}));
// JSON request bodies.
app.use(bodyParser.json());
// HTTP verb override (e.g. a POST tunnelled as PUT/DELETE); mounted before routing
// so routes see the final method - keep that in mind for method-based access rules.
app.use(methodOverride());
// Cookies must be parsed before any session middleware reads them.
app.use(cookieParser());
// Session-backed flash messages.
app.use(flash());
// Helmet security headers: frame guard, legacy XSS filter, no MIME sniffing, IE download no-open.
app.use(helmet.xframe());
app.use(helmet.xssFilter());
app.use(helmet.nosniff());
app.use(helmet.ienoopen());
// Do not advertise Express in X-Powered-By.
app.disable('x-powered-by');
// Static assets come from ./public, resolved against the process working directory.
app.use(express.static(path.resolve('./public')));
// Every file matching ./app/routes/**/*.js is loaded and called with the app to register its routes.
config.getGlobbedFiles('./app/routes/**/*.js').forEach(function (routePath) {
  var registerRoutes = require(path.resolve(routePath));
  registerRoutes(app);
});
// Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc.
app.use(function(err, req, res, next) {
// If the error object doesn't exists
if (!err) return next();
// Log it
{
console.log(error.toString());
emitError(res, 500, error.toString());
return;
}
emitSuccess(res, 'The project was successfully published.')
}}(seq));
}
var app = express()
.use(express.logger(':remote-addr :method :url :status :res[content-length] - :response-time ms'))
.use(helmet.hidePoweredBy())
.use(helmet.xframe('sameorigin'))
.use(helmet.xssFilter())
.use(helmet.ienoopen())
.use(helmet.nosniff())
.use(helmet.crossdomain())
.use(function(req, res, next)
{
req.url = req.url.replace(/^\/build\/data\//, '/data/');
next();
})
.use(function(req, res, next)
{
if(req.url.indexOf('?_') > -1)
req.url = req.url.substring(0, req.url.indexOf('?_'));
next();
})
.use(express['static'](ENGI, { maxAge: 60 * 60 * 24 * 1000 }))
.use(express['static'](PROJECT, { maxAge: 0 }))