How to make it more secure? #106
Similar to an express app, adding middlewares can help improve security. I think helmet is a great start, along with a rate limiter like express-rate-limit and maybe cors. As an example, create a new file for your desired middleware:

```js
// @/middlewares/helmet.js
import helmet from 'helmet';
// Keep the configured middleware: the bare helmet function is a factory,
// and a helmet.contentSecurityPolicy() call whose result is dropped does nothing.
const helmetMiddleware = helmet({
  contentSecurityPolicy: {
    directives: {
      ...helmet.contentSecurityPolicy.getDefaultDirectives(),
      // CSP keywords keep their inner quotes: a bare self is read as a host name
      'script-src': ["'self'", process.env.WEB_URI],
    },
    reportOnly: process.env.NODE_ENV === 'development', // report, don't block, in dev
  },
});
export default helmetMiddleware;
```

Then add the middleware into the chain of `middlewares/all.js`:

```js
// middlewares/all.js
import nc from 'next-connect';
import helmet from '@/middlewares/helmet';
const middleWares = nc().use(helmet).use(cors)... // rest of middlewares
```

Hope that helps!
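Added example, not code from the thread or the repo: a small serializer and lint for helmet-style CSP directive objects that catches the two mistakes most likely in the snippet above, a keyword written without its inner quotes (a bare `self` is a host-source, not the `'self'` keyword) and an empty source from an unset `WEB_URI`. The default directives and function names are constructed stand-ins; the real defaults come from `helmet.contentSecurityPolicy.getDefaultDirectives()`.

```javascript
// CSP keyword-sources as they must appear inside the header value
const CSP_KEYWORDS = new Set([
  "'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'", "'strict-dynamic'",
]);

// Join a { directiveName: [sources] } object into a CSP header value,
// in the same "name src src; name src" shape helmet emits.
function serializeDirectives(directives) {
  return Object.entries(directives)
    .map(([name, values]) => (values.length ? `${name} ${values.join(' ')}` : name))
    .join('; ');
}

// Return human-readable problems; an empty array means the policy looks sane.
function lintDirectives(directives) {
  const problems = [];
  for (const [name, values] of Object.entries(directives)) {
    for (const v of values) {
      if (v === undefined || v === null || v === '') {
        problems.push(`${name}: empty source (unset environment variable?)`);
      } else if (CSP_KEYWORDS.has(`'${v}'`)) {
        // The bare word matches a keyword once quoted, so the quotes were forgotten
        problems.push(`${name}: keyword ${v} must be written as '${v}'`);
      }
    }
  }
  return problems;
}

// Build the page's policy shape from an allowed origin (constructed defaults,
// standing in for helmet's getDefaultDirectives()).
function buildPolicy(webUri) {
  const defaults = { 'default-src': ["'self'"], 'object-src': ["'none'"] };
  return {
    ...defaults,
    'script-src': ["'self'", webUri], // quoted keyword, then the allowed origin
  };
}

// Run the lint before handing directives to helmet, e.g. at module load:
const policy = buildPolicy(process.env.WEB_URI);
const issues = lintDirectives(policy);
if (issues.length) console.warn('CSP problems:', issues);
```

Running the lint at startup turns a silently wrong header into a visible warning before the policy reaches a browser.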
Forgot to add that having some sort of schema validation can also help with security. Mongoose is a popular Object Data Modeling (ODM) package, though MongoDB now offers its own schema validation.
Thank you for the repo and tutorials!
The readme tells that
What would be your recommendations to improve the security of the current approach?