Merge branch 'master' of github.com:je-poy/UrlCompressor-Server into testing

Author: hyperloo

app.js

@@ -1,6 +1,7 @@
 const express = require("express");
 const mongoose = require("mongoose");
 const bodyParser = require("body-parser");
+const helmet = require("helmet");
 const cors = require("cors");
 
 const url = require("./routes/api/url");
@@ -11,6 +12,14 @@ const Url = require("./models/url");
 
 const app = express();
 
+app.use(helmet.permittedCrossDomainPolicies());
+app.use(helmet.xssFilter());
+
+app.use(helmet.dnsPrefetchControl({ allow: true }));
+app.use(helmet.frameguard({ action: 'sameorigin' }));
+app.use(helmet.hidePoweredBy({ setTo: 'your dummy tech' }));
+app.use(helmet.hsts({ maxAge: 2592000 })); //30 days max age
+
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(bodyParser.json());
 app.use(cors());

package.json

@@ -15,6 +15,7 @@
     "body-parser": "^1.19.0",
     "cors": "^2.8.5",
     "express": "^4.17.1",
+    "helmet": "^4.1.1",
     "jsonwebtoken": "^8.5.1",
     "mongoose": "^5.9.15",
     "shortid": "^2.2.15",