You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Was looking at the codebase for some stuff I've done in the past and noticed this:
setupFrontendApp(app);
secureHeaders(app);
Since it's using the express use concept, and that it's "using" after the router is setup, that means that all secure headers are essentially ignored until after the routes are completed, which means that this isn't securing anything.
I'm not sure what's being accomplished by having the security headers in a separate function since it's only used once? Why not just add it inline with all other express app settings right before the router is used?
The text was updated successfully, but these errors were encountered:
Was looking at the codebase for some stuff I've done in the past and noticed this:
Since it's using the express
useconcept, and that it's "using" after the router is setup, that means that all secure headers are essentially ignored until after the routes are completed, which means that this isn't securing anything.I'm not sure what's being accomplished by having the security headers in a separate function since it's only used once? Why not just add it inline with all other express app settings right before the router is used?
The text was updated successfully, but these errors were encountered: