Conversation

100NikhilBro (Contributor)
Security Improvement Suggestion

Summary

This PR enhances backend security by adding helmet and hpp middlewares.

Implemented Changes

  • Added a centralized security middleware (middleware/security.js)
  • Configured Helmet for secure HTTP headers
  • Configured HPP to prevent HTTP parameter pollution
  • Disabled Express 'x-powered-by' header
  • Ensured frontend compatibility (CSP and COEP disabled)

Why

Improves API resilience and prevents common web vulnerabilities as discussed in Issue #56.

netlify bot commented Oct 8, 2025

Deploy Preview for paisable canceled.

Latest commit: c59ea09
Latest deploy log: https://app.netlify.com/projects/paisable/deploys/68e69ac61e2d7c000870ae75

@100NikhilBro (Contributor, Author)

Hi @Avdhesh-Varshney @archa8,
I’ve created the PR. Please review it whenever you get a chance and let me know if any improvements are needed. 😊

@archa8 (Member) left a comment

I have left a comment on server.js. Kindly make the respective changes.

@Avdhesh-Varshney (Member) left a comment

@100NikhilBro I think for CSP and Origin, you should use valid values instead of disabling them. First test so that the FE doesn't break.
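As an added example tied to the PR description and to the review point above (this is not the project's middleware/security.js and not the helmet or hpp packages themselves), a small Express-free stand-in for what that middleware chain does to one request: an explicit CSP built from directives instead of a disabled one, last-value collapsing of repeated query keys, and removal of X-Powered-By. The policy sources, request values and the optional COEP switch are constructed for illustration.

```javascript
// Added illustration, not the project's security.js nor the helmet/hpp packages:
// a hand-rolled stand-in for that middleware chain. All sample values are constructed.

// Build a Content-Security-Policy header value from explicit directives; this is
// the shape of the "valid values" a reviewer asks for instead of disabling CSP.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// HTTP parameter pollution: a repeated query key arrives as an array. Keep only
// the last value (hpp's default behaviour) and report the full list for logging.
function dedupeQuery(query) {
  const clean = {};
  const polluted = {};
  for (const [key, value] of Object.entries(query)) {
    if (Array.isArray(value)) polluted[key] = value;
    clean[key] = Array.isArray(value) ? value[value.length - 1] : value;
  }
  return { clean, polluted };
}

// Emit a header set modelled on Helmet's defaults and drop X-Powered-By. COEP is
// opt-in here because "require-corp" blocks cross-origin assets lacking CORP/CORS.
function applySecurityHeaders(headers, csp, coep) {
  const out = { ...headers };
  delete out['X-Powered-By'];
  out['Content-Security-Policy'] = csp;
  out['X-Content-Type-Options'] = 'nosniff';
  out['X-Frame-Options'] = 'SAMEORIGIN';
  out['Strict-Transport-Security'] = 'max-age=15552000; includeSubDomains';
  out['Referrer-Policy'] = 'no-referrer';
  if (coep) out['Cross-Origin-Embedder-Policy'] = 'require-corp';
  return out;
}

// Run the whole chain over a request-like object (constructed shape, not Express).
function secureRequest(req, directives, { coep = false } = {}) {
  const { clean, polluted } = dedupeQuery(req.query || {});
  const headers = applySecurityHeaders(req.responseHeaders || {}, buildCsp(directives), coep);
  return { query: clean, polluted, headers };
}

// Constructed policy for a frontend that only talks to its own origin and one API host.
const sampleDirectives = {
  'default-src': ["'self'"],
  'connect-src': ["'self'", 'https://api.example.invalid'],
  'img-src': ["'self'", 'data:'],
};
```

Testing against the real frontend means loading every page with this header set and watching the browser console for CSP violation reports before tightening further.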

@100NikhilBro (Contributor, Author)

@Avdhesh-Varshney Got it! Yeah, you’re right — I’ll test it properly to ensure the FE doesn’t break. I’ll check everything in the next 2–3 days and update the PR accordingly. 👍

@archa8 archa8 linked an issue Oct 9, 2025 that may be closed by this pull request
Development

Successfully merging this pull request may close these issues.

enhancement: Security Improvement Suggestion

3 participants