Book Image

Node.js Web Development - Fourth Edition

By : David Herron
Book Image

Node.js Web Development - Fourth Edition

By: David Herron

Overview of this book

Node.js is a server-side JavaScript platform using an event-driven, non-blocking I/O model allowing users to build fast and scalable data-intensive applications running in real time. This book gives you an excellent starting point, bringing you straight to the heart of developing web applications with Node.js. You will progress from a rudimentary knowledge of JavaScript and server-side development to being able to create, maintain, deploy and test your own Node.js application.You will understand the importance of transitioning to functions that return Promise objects, and the difference between fs, fs/promises and fs-extra. With this book you'll learn how to use the HTTP Server and Client objects, data storage with both SQL and MongoDB databases, real-time applications with Socket.IO, mobile-first theming with Bootstrap, microservice deployment with Docker, authenticating against third-party services using OAuth, and use some well known tools to beef up security of Express 4.16 applications.
Table of Contents (19 chapters)
Title Page
Dedication
Packt Upsell
Contributors
Preface
Index

Put on your Helmet for across-the-board security


Helmet (https://www.npmjs.com/package/helmet) is not a security silver bullet (do Helmet's authors think we're trying to protect against vampires?). Instead it is a toolkit for setting various security headers and taking other protective measures.

In the notes directory, install the package like so:

$ npm install helmet --save

Then add this to notes/app.mjs:

import helmet from 'helmet';
...
const app = express();
export default app;

app.use(helmet());

That's enough for most applications. Using Helmet out-of-the-box provides a reasonable set of default security options. We could be done with this section right now, except that it's useful to examine closely what Helmet does, and its options.

Helmet is actually a cluster of 12 modules for applying several security techniques. Each of the techniques can be individually enabled or disabled, and many have configuration settings to make.

Using Helmet to set the Content-Security-Policy header

The Content...