Merge pull request #5 from ryzbaka/master

Secured Node.js application from XSS

Author: hyperloo

app.js

@@ -7,13 +7,16 @@ require("dotenv").config();
 const tasks = require("./routes/api/tasks");
 const users = require("./routes/api/users");
 const auth = require("./routes/api/auth");
-
+const xss = require("xss-clean");
+const helmet = require("helmet");
 const app = express();
 
 /* ------------- Middleware ----------------*/
+app.use(helmet.contentSecurityPolicy());
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(bodyParser.json());
 app.use(cors());
+app.use(xss());
 
 /*---------- A simple CORS implementation ---------------------*/
 // app.use((req, res, next) => {

package.json

@@ -16,9 +16,11 @@
     "cors": "^2.8.5",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
+    "helmet": "^4.1.1",
     "jsonwebtoken": "^8.5.1",
     "mongoose": "^5.9.15",
-    "reactstrap": "^8.4.1"
+    "reactstrap": "^8.4.1",
+    "xss-clean": "^0.1.1"
   },
   "devDependencies": {
     "nodemon": "^2.0.2"