Closed Jordan-Hall closed 3 years ago
what is the reason to check for
emptyObject
and then using the config object under the if. did you mean not empty? just read the codes and didn't get it.
because by default it should apply all of the security measures. It was a way to keep the current setup but also disable sections
That's ok but what i meant was the logic you wrote
const emptyObject = Object.keys(config).length === 0;
if (emptyObject || config.helmet) {
this.app.use(helmet(config.helmet));
}
if there is no helmet
property you are passing undefined to helmet function.
IMO it should be if (!emptyObject || config.helmet)
.
this way it will disable it.
I believe its currently passing in unfinded. So it's keeping it the way its currently working
@Jordan-Hall Thanks for this. Please could you fix the merge conflict?
Done.
@amirtgm using !emptyObject would be a breaking change and isn't the desired change. By default it should enable all three
Thanks @Jordan-Hall
Not sure if this is the right thing to do. However, when you cant just set halemt and cors without csurf.