python (65.1k questions)

javascript (44.2k questions)

reactjs (22.7k questions)

java (20.8k questions)

c# (17.4k questions)

html (16.3k questions)

r (13.7k questions)

android (12.9k questions)

Questions - helmet.js

Does Using Helmet Package Protect My Frontend Aswell in Node.js with React.js

I have a question about how will i secure my frontend if i am using nodejs as a backend. For example i created my website fully with react as a frontend and my backend with nodejs and used Axios to ge...
test-img

motionless570

javascript

node.js

reactjs

helmet.js

Votes: 0

Answers: 1

Latest Answer

tl;dr: to get Helmet's protections, you need to set Helmet's headers on whatever serves your pages. If your HTML pages are served by your Node backend, then you'll do it there. Helmet maintainer here....
test-img

Evan Hahn

Why is my nonce being ignored in node.js?

I get the following error message when I try to call a script with a nonce: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-sr...
test-img

Bragon

node.js

content-security-policy

nonce

helmet.js

Votes: 0

Answers: 1

Latest Answer

Helmet maintainer here. This looks to be an issue with your inline event handler (onclick="delItem(this.id)"). You can fix this by changing the inline event handler. Try adding the following...
test-img

Evan Hahn

Express CSP Nonce with TypeScript

I have an express project in TypeScript and I tried to add a CSP Nonce with Helmet. app.use(helmet.contentSecurityPolicy({ useDefaults: true, directives: { scriptSrc: ["'self'&quo...
test-img

Fridolin1

typescript

express

helmet.js

Votes: 0

Answers: 1

Latest Answer

In short: cast res to an Express Response. See the code snippet below. This is a TypeScript-only error. res.locals is an Express feature, but Helmet is designed to work without Express, so res.locals ...
test-img

Evan Hahn

Express js : Content security header is not reflecting

In my express js application I have enabled the helmet for the security implementation const app = express(); app.use(function (req, res, next) { res.header("Access-Control-Allow-Origin"...
test-img

shamon shamsudeen

javascript

express

helmet.js

Votes: 0

Answers: 1

Latest Answer

Figure it out the issue i have to set the CSP through helmet configuration app.use(helmet.contentSecurityPolicy({ useDefaults: false, directives: { defaultSrc: ["'self'"], ...
test-img

shamon shamsudeen

Posts

Questions

Blogs

Jobs