38 lines
743 B
Plaintext
38 lines
743 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
In Express.js application the code is sensitive if, when using https://www.npmjs.com/package/helmet[helmet], the ``noSniff`` middleware is disabled:
|
|
|
|
----
|
|
const express = require('express');
|
|
const helmet = require('helmet');
|
|
|
|
let app = express();
|
|
|
|
app.use(
|
|
helmet({
|
|
noSniff: false, // Sensitive
|
|
})
|
|
);
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
When using ``helmet`` in an Express.js application, the ``noSniff`` middleware should be enabled (it is also done by default):
|
|
|
|
----
|
|
const express = require('express');
|
|
const helmet= require('helmet');
|
|
|
|
let app = express();
|
|
|
|
app.use(helmet.noSniff());
|
|
----
|
|
|
|
include::../see.adoc[]
|