Code Snippets

3 examples of 'express headers' in JavaScript

Every line of 'express headers' code snippets is scanned for vulnerabilities by our powerful machine learning engine that combs millions of open source libraries, ensuring your JavaScript code is secure.

All examples are scanned by Snyk Code

By copying the Snyk Code Snippets you agree to
this disclaimer
integrations/jira
6function secureHeaders (app, frontendApp) {
7  // Content Security Policy
8  app.use(helmet.contentSecurityPolicy({
9    directives: {
10      defaultSrc: ["'none'"],
11      // Allow <script> tags hosted by ourselves and from atlassian when inserted into an iframe
12      scriptSrc: ["'self'", process.env.APP_URL, 'https://*.atlassian.net', 'https://*.jira.com'],
13      // Allow XMLHttpRequest/fetch requests
14      connectSrc: ["'self'", process.env.APP_URL],
15      // Allow <style> tags hosted by ourselves as well as style="" attributes
16      styleSrc: ["'self'", "'unsafe-inline'"],
17      // Allow self-hosted images, data: images, organization images and the error image
18      imgSrc: ["'self'", 'data:', 'https://*.githubusercontent.com', 'https://octodex.github.com']
19    }
20  }))
21  // Enable HSTS with the value we use for education.github.com
22  app.use(helmet.hsts({
23    maxAge: 15552000
24  }))
25  // X-Frame / Clickjacking protection
26  // Disabling this. Will probably need to dynamically
27  // set this based on the referrer URL and match if it's *.atlassian.net or *.jira.com
28  // app.use(helmet.frameguard({ action: 'deny' }))
29  // MIME-Handling: Force Save in IE
30  app.use(helmet.ieNoOpen())
31  // Disable cachingç
32  app.use(helmet.noCache())
33  // Disable mimetype sniffing
34  app.use(helmet.noSniff())
35  // Basic XSS Protection
36  app.use(helmet.xssFilter())
37
38  // Remove the X-Powered-By
39  // This particular combination of methods works
40  frontendApp.disable('x-powered-by')
41  app.use(helmet.hidePoweredBy())
42}
Important

Use secure code every time

Secure your code as it's written. Use Snyk Code to scan source code in minutes – no build needed – and fix issues immediately. Enable Snyk Code

Azure/Azurite
38public getHeader(field: string): string | undefined {
39  return this.req.header(field);
40}
puzzle-js/puzzle-js
88addCustomHeaders(customHeaders?: ICustomHeader[]) {
89    if (customHeaders) {
90        this.addUse(null, (req, res, next) => {
91            customHeaders.forEach((customHeader) => {
92                let value: string | undefined = customHeader.value.toString();
93                if (customHeader.isEnv && value && process.env[value]) {
94                    value = process.env[value];
95                }
96                res.header(customHeader.key, value);
97            });
98            next();
99        });
100    }
101}

Related snippets

  1. express set headers
  2. express setheader
  3. express set header
  4. express ws
  5. express delete route
  6. app delete express
  7. axios response headers
  8. express delete by id
  9. router post express
  10. express status code
  11. express router post
  12. express urlencoded
  13. express engine
  14. sentry express
  15. express http context
  16. express exports
  17. express winston
  18. axios set header
  19. xmlhttprequest set header
  20. axios get response headers
  21. app.post express