Add Helmet to protect against common web vulnerabilities
Change-Id: I04329eb8a41c06b74a25ae47281f9b3bde7fc391
diff --git a/package-lock.json b/package-lock.json
index 401cfae..73599b7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9794,6 +9794,14 @@
"integrity": "sha512-Rf4YVNYpKjZ6ASAmibcwTNciQ5Co5Ztq6iZPEykHpkoflnD/K5ryE/rHehFsTm4NJj8nKDhbi3eKBWGogmNnkg==",
"dev": true
},
+ "node_modules/helmet": {
+ "version": "6.0.0",
+ "resolved": "https://registry.npmjs.org/helmet/-/helmet-6.0.0.tgz",
+ "integrity": "sha512-FO9RpR1wNJepH/GbLPQVtkE2eESglXL641p7SdyoT4LngHFJcZheHMoyUcjCZF4qpuMMO1u5q6RK0l9Ux8JBcg==",
+ "engines": {
+ "node": ">=14.0.0"
+ }
+ },
"node_modules/hey-listen": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/hey-listen/-/hey-listen-1.0.8.tgz",
@@ -17653,6 +17661,7 @@
"argon2": "^0.29.1",
"express": "^4.18.2",
"express-async-handler": "^1.2.0",
+ "helmet": "^6.0.0",
"jose": "^4.10.0",
"loglevel": "^1.8.0",
"reflect-metadata": "^0.1.13",
@@ -24737,6 +24746,11 @@
}
}
},
+ "helmet": {
+ "version": "6.0.0",
+ "resolved": "https://registry.npmjs.org/helmet/-/helmet-6.0.0.tgz",
+ "integrity": "sha512-FO9RpR1wNJepH/GbLPQVtkE2eESglXL641p7SdyoT4LngHFJcZheHMoyUcjCZF4qpuMMO1u5q6RK0l9Ux8JBcg=="
+ },
"hey-listen": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/hey-listen/-/hey-listen-1.0.8.tgz",
@@ -25495,6 +25509,7 @@
"argon2": "^0.29.1",
"express": "^4.18.2",
"express-async-handler": "^1.2.0",
+ "helmet": "^6.0.0",
"jose": "^4.10.0",
"loglevel": "^1.8.0",
"nodemon": "^2.0.20",
diff --git a/server/package.json b/server/package.json
index a3a4c8a..6d17ce8 100644
--- a/server/package.json
+++ b/server/package.json
@@ -26,6 +26,7 @@
"argon2": "^0.29.1",
"express": "^4.18.2",
"express-async-handler": "^1.2.0",
+ "helmet": "^6.0.0",
"jose": "^4.10.0",
"loglevel": "^1.8.0",
"reflect-metadata": "^0.1.13",
diff --git a/server/src/app.ts b/server/src/app.ts
index 85e6b10..53c8c23 100644
--- a/server/src/app.ts
+++ b/server/src/app.ts
@@ -16,6 +16,7 @@
* <https://www.gnu.org/licenses/>.
*/
import express, { json, NextFunction, Request, Response } from 'express';
+import helmet from 'helmet';
import { HttpStatusCode } from 'jami-web-common';
import log from 'loglevel';
import { Service } from 'typedi';
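Review bot: The helmet import added here is used with no options in the following hunk (`app.use(helmet())` at the top of `build()`), so the server silently adopts helmet 6's default header set — as far as I recall that includes a Content-Security-Policy with `default-src 'self'`, `script-src 'self'` and `upgrade-insecure-requests`, plus `Cross-Origin-Embedder-Policy: require-corp`, HSTS and `X-Frame-Options: SAMEORIGIN` — with nothing in the code recording that this was the intended policy. Whether those defaults are compatible with what this Express app serves (the client bundle, any WebSocket or cross-origin media it loads) is not visible in this diff, and a too-strict CSP or COEP fails at page-load time in the browser rather than in server tests. I would either pass an explicit configuration object or add a comment above the call such as `// Security headers: relying on helmet 6 defaults (CSP default-src 'self', COEP require-corp, HSTS, X-Frame-Options); revisit if the client needs inline scripts or cross-origin resources.` and verify the served client against it in a browser before merging. The `build()` body in the second hunk continues past what is shown here.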
@@ -28,6 +29,8 @@
async build() {
const app = express();
+ // Setup middleware
+ app.use(helmet());
app.use(json());
// Setup routing