This branch introduces a few more express middlewares that cover low-hanging security fruit.

What specifically has been introduced:

* helmet as a powerhouse middleware. Covers the most common attacks by headers.
* HSTS configuration with helmet.
* CSP (Content Security Policy) configuration with helmet. These are rather loose right now but forbid use in `<iframes>`, for example.
* Obfuscate the server fingerprint by setting the "X-Powered-By" header to "PHP 7.4.3". :stuck_out_tongue:
* HTTP Parameter Pollution Protection middleware. We might want to configure this more strictly for future API endpoints if we need an endpoint with multiple same-parameter
* Request rate limiter to 100 requests per 15 minutes.
* Request payload limiting to 100kb per payload. (Prevents DoS by large upload.)
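As an added illustration (not code from this branch, nor from the helmet, hpp or express-rate-limit packages), the dependency-free Express-style middlewares below show what each listed piece does at the request level: the HSTS, CSP `frame-ancestors` and spoofed `X-Powered-By` headers, collapsing repeated query parameters to their last value (with an allow-list for endpoints that legitimately take arrays), a fixed-window 100-per-15-minutes limiter keyed by client IP, and an early `Content-Length` check for the 100kb payload limit. The header values, the in-memory store and the fake `req`/`res` objects are assumptions constructed so the chain runs offline; in the real app the `(req, res, next)` functions would be mounted with `app.use()`.

```javascript
// Added example: dependency-free middlewares mirroring the PR's helmet/hpp/
// rate-limit/payload-limit setup. Not the project's code; values are assumed.

const ONE_YEAR_SECONDS = 365 * 24 * 60 * 60;

// helmet-like headers: HSTS, a CSP that forbids framing, and a misleading
// X-Powered-By value (fingerprint obfuscation as described in the PR).
function securityHeaders(req, res, next) {
  res.setHeader('Strict-Transport-Security', `max-age=${ONE_YEAR_SECONDS}; includeSubDomains`);
  res.setHeader('Content-Security-Policy', "default-src 'self'; frame-ancestors 'none'");
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('X-Powered-By', 'PHP 7.4.3');
  next();
}

// hpp-like protection: a repeated query parameter becomes its last value,
// unless the name is explicitly allowed to stay an array.
function hppProtection(allowArrays = []) {
  return function (req, res, next) {
    for (const [name, value] of Object.entries(req.query || {})) {
      if (Array.isArray(value) && !allowArrays.includes(name)) {
        req.query[name] = value[value.length - 1];
      }
    }
    next();
  };
}

// Fixed-window limiter: at most `max` requests per `windowMs` per client IP.
// State lives in this process's memory, so a multi-instance deployment would
// need a shared store instead.
function rateLimiter({ windowMs = 15 * 60 * 1000, max = 100 } = {}) {
  const hits = new Map(); // ip -> { count, windowStart }
  return function (req, res, next) {
    const now = Date.now();
    const entry = hits.get(req.ip);
    if (!entry || now - entry.windowStart >= windowMs) {
      hits.set(req.ip, { count: 1, windowStart: now });
      return next();
    }
    entry.count += 1;
    if (entry.count > max) {
      res.statusCode = 429;
      res.setHeader('Retry-After', Math.ceil((entry.windowStart + windowMs - now) / 1000));
      return res.end('Too Many Requests');
    }
    next();
  };
}

// Payload limit: reject on the declared Content-Length before reading the
// body. A body parser limit is still needed for chunked or lying clients.
function payloadLimit(maxBytes = 100 * 1024) {
  return function (req, res, next) {
    const declared = Number(req.headers['content-length'] || 0);
    if (declared > maxBytes) {
      res.statusCode = 413;
      return res.end('Payload Too Large');
    }
    next();
  };
}

// Constructed stand-ins for Express's req/res so the chain runs offline.
function makeReq(overrides = {}) {
  return { ip: '203.0.113.7', headers: {}, query: {}, ...overrides };
}
function makeRes() {
  const headers = {};
  return {
    statusCode: 200,
    body: null,
    headers,
    setHeader(name, value) { headers[name.toLowerCase()] = String(value); },
    end(body) { this.body = body; },
  };
}

// Runs a middleware chain against req and returns the resulting res; the
// chain stops as soon as a middleware ends the response instead of calling next.
function run(middlewares, req) {
  const res = makeRes();
  let i = 0;
  const next = () => { if (i < middlewares.length) middlewares[i++](req, res, next); };
  next();
  return res;
}
```

A quick offline check: `run([securityHeaders], makeReq())` yields a response carrying `x-powered-by: PHP 7.4.3` and a CSP with `frame-ancestors 'none'`; the fourth call through `rateLimiter({ max: 3 })` from the same IP returns 429 while another IP still gets 200; a request declaring a 200000-byte body is answered 413 by `payloadLimit()`.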