Suggestion for Information Security course: update helmet to v5 #45368
Labels
scope: curriculum
Lessons, Challenges, Projects and other Curricular Content in curriculum directory.
status: discussing
Under discussion threads. Closed as stale after 60 days of inactivity.
type: feature request
Threads classified to be feature requests. Implementation to be considered as a nice to have
When following this course on freeCodeCamp, I noticed that the boilerplate challenges use helmet v3. I suggest updating the curriculum to use helmet v5, as I found out the older version has some security issues.

One of them is about setting the X-XSS-Protection HTTP header. In helmet v3, using helmet.xssFilter() will set the header to X-XSS-Protection: 1; mode=block. This enables browsers' buggy cross-site scripting filter. Meanwhile, in v5, it will set X-XSS-Protection: 0 by default.

Affected page

Expected behavior

The helmet.xssFilter() middleware sets the X-XSS-Protection header to 0.

Additional context
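Added example, not part of the original issue and not helmet's own code: a small Node.js checker that parses an X-XSS-Protection value and flags responses still sending the `1; mode=block` value the issue attributes to helmet v3. The function names, verdict labels and sample responses are constructed for illustration.

```javascript
// Parse an X-XSS-Protection value such as "0", "1", "1; mode=block"
// or "1; report=<uri>" into its parts.
function parseXssProtection(value) {
  if (value === undefined || value === null) return { present: false };
  const [flag, ...directives] = String(value).split(';').map((p) => p.trim());
  if (flag !== '0' && flag !== '1') return { present: true, valid: false };
  const parsed = { present: true, valid: true, enabled: flag === '1', mode: null, report: null };
  for (const d of directives) {
    // Split on the first "=" only, so a report URI may itself contain "=".
    const eq = d.indexOf('=');
    const name = (eq === -1 ? d : d.slice(0, eq)).trim().toLowerCase();
    const arg = eq === -1 ? '' : d.slice(eq + 1).trim();
    if (name === 'mode') parsed.mode = arg.toLowerCase();
    else if (name === 'report') parsed.report = arg;
  }
  return parsed;
}

// HTTP header names are case-insensitive, so look the header up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Verdict labels are this example's own (hypothetical) naming.
function auditXssProtection(headers) {
  const p = parseXssProtection(getHeader(headers, 'X-XSS-Protection'));
  if (!p.present) return 'absent';
  if (!p.valid) return 'malformed';
  return p.enabled ? 'legacy-filter-enabled' : 'filter-disabled';
}

// Constructed sample responses, not captured from any real application.
const sampleResponses = [
  { app: 'old-boilerplate', headers: { 'X-XSS-Protection': '1; mode=block' } },
  { app: 'new-boilerplate', headers: { 'x-xss-protection': '0' } },
  { app: 'no-header', headers: { 'Content-Type': 'text/html' } },
  { app: 'bad-value', headers: { 'X-XSS-Protection': 'on' } },
];

function auditAll(responses) {
  return responses.map((r) => ({ app: r.app, verdict: auditXssProtection(r.headers) }));
}

console.log(auditAll(sampleResponses));
```
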