Closed ruichen199801 closed 1 year ago
We can use Helmet (https://helmetjs.github.io/) to add a set of protections to our Express app, including setting response headers properly.
Notes:
contentSecurityPolicy as images and Google Map won't load. We can alternatively whitelist the URLs, but it's more convenient to just disable it.
crossOriginEmbedderPolicy rules as this causes issues when calling GoogleMap APIs: https://github.com/helmetjs/helmet/issues/343
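
The allowlist alternative mentioned in the notes, sketched as an added example (not code from this issue or repository): a Helmet options object that keeps contentSecurityPolicy on with an explicit source list, plus a small checker for testing resource URLs against it. The host lists, `helmetOptions`, `isAllowed` and the sample URLs are assumptions for illustration.

```javascript
// Added example, not the project's code. Host lists are assumptions: confirm them
// against the CSP violations your own pages report before relying on them.
const mapsCspDirectives = {
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'", "https://maps.googleapis.com"],
  imgSrc: ["'self'", "data:", "https://*.googleapis.com", "https://*.gstatic.com"],
  connectSrc: ["'self'", "https://*.googleapis.com"],
  styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
  fontSrc: ["'self'", "https://fonts.gstatic.com"],
};

// Options object for Helmet: app.use(helmet(helmetOptions()))
function helmetOptions() {
  return {
    contentSecurityPolicy: { directives: mapsCspDirectives },
    crossOriginEmbedderPolicy: false, // stays off, as in the notes above
  };
}

// Render the directives in header syntax so the policy can be reviewed as text.
function toHeaderValue(directives) {
  return Object.entries(directives)
    .map(([name, sources]) =>
      name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase()) + " " + sources.join(" "))
    .join("; ");
}

// Simplified host-source matching: scheme sources ("data:") and https hosts with an
// optional leading "*." wildcard. Keywords such as 'self' are not evaluated here.
function sourceMatches(source, url) {
  if (source.startsWith("'")) return false;
  if (source.endsWith(":")) return url.protocol === source;
  const m = /^(https?):\/\/(\*\.)?([^/:]+)$/.exec(source);
  if (!m || url.protocol !== m[1] + ":") return false;
  return m[2] ? url.hostname.endsWith("." + m[3]) : url.hostname === m[3];
}

// Would the allowlist let this third-party resource load under the given directive?
function isAllowed(directive, resourceUrl) {
  const sources = mapsCspDirectives[directive] || mapsCspDirectives.defaultSrc;
  return sources.some((s) => sourceMatches(s, new URL(resourceUrl)));
}

// Constructed sample URLs for a quick pre-deploy check.
const sampleCheck = [
  ["scriptSrc", "https://maps.googleapis.com/maps/api/js"],
  ["imgSrc", "https://maps.gstatic.com/mapfiles/pin.png"],
  ["imgSrc", "https://images.example.net/photo.jpg"],
].map(([directive, url]) => isAllowed(directive, url));
```

Any URL the checker rejects is one the browser would block under this policy, so each map or image host the app really needs has to be added to the matching directive.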