Every line of 'express set headers' code snippets is scanned for vulnerabilities by our powerful machine learning engine that combs millions of open source libraries, ensuring your JavaScript code is secure.
/**
 * Copy every own enumerable property of `headers` onto the response as an
 * HTTP header.
 *
 * A falsy `headers` argument (null, undefined, ...) is a no-op. Names and
 * values are handed to `res.setHeader` unchanged, so a caller that builds
 * `headers` from request data is responsible for validating it first.
 *
 * @param res     Response-like object exposing `setHeader(name, value)`.
 * @param headers Object mapping header names to values; may be falsy.
 */
export function setHeaders(res, headers) {
  if (headers) {
    Object.keys(headers).forEach((name) => {
      res.setHeader(name, headers[name])
    })
  }
}
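/**
 * CORS middleware: when the request carries an `Origin` header, echo that
 * origin back, allow credentialed cross-origin reads and expose the headers
 * listed in `this.corsExposeHeaders`. Requests without an `Origin` header
 * pass straight through.
 *
 * NOTE(review): the origin is reflected without being compared against a
 * list of trusted origins while `access-control-allow-credentials` is
 * `true`, so every site is treated as trusted for authenticated responses.
 * Gate these headers behind an explicit allowlist before relying on cookies
 * or HTTP auth on routes behind this middleware.
 */
injectCorsHeader(req, res, next) {
  const origin = req.headers['origin'];
  if (!origin) {
    return next();
  }

  // The response now depends on the request's Origin header. Advertise that
  // with `Vary` so a shared cache does not replay one origin's
  // access-control-allow-origin value to a different origin. Any Vary value
  // set earlier in the chain is kept and extended, not replaced.
  const vary = res.getHeader('vary');
  if (!vary) {
    res.setHeader('vary', 'Origin');
  } else if (!/(^|,)\s*(origin|\*)\s*(,|$)/i.test(String(vary))) {
    res.setHeader('vary', `${vary}, Origin`);
  }

  res.setHeader('access-control-allow-origin', origin);
  res.setHeader('access-control-allow-credentials', 'true');
  res.setHeader('access-control-expose-headers', this.corsExposeHeaders);
  return next();
}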
/**
 * Middleware that writes a fixed `200` status with an `age: 42` header and
 * then continues the chain.
 *
 * `writeHead` commits the status line and headers, so on a Node HTTP
 * response later handlers can no longer change them.
 *
 * @returns Whatever `next()` returns.
 */
function setHeader(req, res, next) {
  const statusCode = 200;
  const fixedHeaders = {'age': '42'};
  res.writeHead(statusCode, fixedHeaders);
  return next();
}
/**
 * Middleware that stamps permissive CORS headers and a JSON content type on
 * the response, then hands control to the next middleware.
 *
 * NOTE(review): `Access-Control-Allow-Origin` echoes the request's `Origin`
 * header (falling back to `context.request.origin`) with no allowlist check,
 * and `Access-Control-Allow-Credentials` is `true`. Together these let any
 * origin read credentialed responses. Compare the origin against a
 * configured set of trusted origins, and send `Vary: Origin` once the value
 * depends on the request.
 *
 * @param context Request/response context exposing `set(name, value)` and `request`.
 * @param next    Continuation for the middleware chain.
 * @returns Whatever `next()` returns.
 */
async use(context: any, next: (err?: any) => any): Promise<any> {
  const reflectedOrigin = context.request.header.origin || context.request.origin
  const responseHeaders: Array<[string, any]> = [
    ['Access-Control-Allow-Methods', 'GET,HEAD,PUT,POST,DELETE,PATCH'],
    ['Access-Control-Allow-Origin', reflectedOrigin],
    ['Access-Control-Allow-Headers', ['content-type']],
    ['Access-Control-Allow-Credentials', 'true'],
    ['Content-Type', 'application/json; charset=utf-8'],
  ]
  for (const [name, value] of responseHeaders) {
    context.set(name, value)
  }
  return next()
}
/**
 * Flush the response headers, unless `this.response.headersSent` reports
 * that they have already gone out.
 */
public flushHeaders() {
  if (this.response.headersSent) {
    return;
  }
  this.response.flushHeaders();
}
/**
 * Set a response header only when the response has no truthy value for it.
 *
 * An existing header is left alone, so a value set earlier wins. A header
 * whose current value is falsy (for example an empty string or 0) is
 * overwritten.
 *
 * @param res   Response-like object exposing `getHeader` / `setHeader`.
 * @param field Header name.
 * @param value Header value to apply as a default.
 */
function setHeader(res, field, value) {
  const current = res.getHeader(field)
  if (current) {
    return
  }
  res.setHeader(field, value)
}
/**
 * Register helmet's security-header middleware on `app` and strip the
 * X-Powered-By banner from both `app` and `frontendApp`.
 *
 * Middleware is registered in this order: CSP, HSTS, ieNoOpen, noCache,
 * noSniff, xssFilter, hidePoweredBy.
 *
 * NOTE(review): `process.env.APP_URL` is placed in the CSP source lists
 * without a presence check. When it is unset, `undefined` is handed to
 * helmet; confirm how the installed helmet version treats that.
 *
 * @param app         Application that receives the helmet middleware.
 * @param frontendApp Application on which `x-powered-by` is disabled.
 */
function secureHeaders (app, frontendApp) {
  const appUrl = process.env.APP_URL

  // Content Security Policy
  const cspDirectives = {
    defaultSrc: ["'none'"],
    // Allow <script> tags hosted by ourselves and from atlassian when inserted into an iframe
    scriptSrc: ["'self'", appUrl, 'https://*.atlassian.net', 'https://*.jira.com'],
    // Allow XMLHttpRequest/fetch requests
    connectSrc: ["'self'", appUrl],
    // Allow <style> tags hosted by ourselves as well as style="" attributes
    styleSrc: ["'self'", "'unsafe-inline'"],
    // Allow self-hosted images, data: images, organization images and the error image
    imgSrc: ["'self'", 'data:', 'https://*.githubusercontent.com', 'https://octodex.github.com']
  }
  app.use(helmet.contentSecurityPolicy({ directives: cspDirectives }))

  // Enable HSTS with the value we use for education.github.com
  const hstsOptions = { maxAge: 15552000 }
  app.use(helmet.hsts(hstsOptions))

  // X-Frame / Clickjacking protection
  // Disabling this. Will probably need to dynamically
  // set this based on the referrer URL and match if it's *.atlassian.net or *.jira.com
  // app.use(helmet.frameguard({ action: 'deny' }))
  // NOTE(review): with frameguard off and no frame-ancestors directive in the
  // CSP above, these responses carry no framing restriction. A CSP
  // `frameAncestors` list limited to the two Atlassian host patterns would
  // express the intent described above without inspecting the referrer.

  // MIME-Handling: Force Save in IE
  app.use(helmet.ieNoOpen())
  // Disable caching
  app.use(helmet.noCache())
  // Disable mimetype sniffing
  app.use(helmet.noSniff())
  // Basic XSS Protection
  app.use(helmet.xssFilter())

  // Remove the X-Powered-By
  // This particular combination of methods works
  frontendApp.disable('x-powered-by')
  app.use(helmet.hidePoweredBy())
}
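/**
 * Middleware that sets an `Expires` header seven days in the future and
 * then continues the chain.
 *
 * The timestamp is produced with `Date.prototype.toUTCString()`, which
 * yields the HTTP-date form (`Tue, 15 Nov 1994 08:12:31 GMT`) computed in
 * UTC. Formatting through a strftime pattern with a literal `GMT` suffix is
 * only correct if the formatter works in UTC; a formatter that uses the
 * server's local time would label a local timestamp as GMT and shift the
 * expiry by the server's UTC offset.
 *
 * @param req  Incoming request (unused).
 * @param res  Response exposing `setHeader(name, value)`.
 * @param next Continuation for the middleware chain.
 */
function cacheHeaders(req, res, next) {
  const ONE_WEEK_MS = 7 * 24 * 60 * 60 * 1000;
  const expiresAt = new Date(Date.now() + ONE_WEEK_MS);
  res.setHeader('Expires', expiresAt.toUTCString());
  next();
}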
/**
 * Look up a request header by name via `this.req.header`.
 *
 * The value originates from the client and must be treated as untrusted by
 * callers.
 *
 * @param field Header name to read.
 * @returns The header value, or `undefined` when the lookup yields none.
 */
public getHeader(field: string): string | undefined {
  const headerValue = this.req.header(field);
  return headerValue;
}