Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,090 --> 00:00:02,080
So, in this video,
2
00:00:02,080 --> 00:00:04,810
we're gonna use yet another NPM package
3
00:00:04,810 --> 00:00:06,320
in order to set a couple of
4
00:00:06,320 --> 00:00:09,523
really important security http headers.
5
00:00:11,150 --> 00:00:12,570
So, to set these headers
6
00:00:12,570 --> 00:00:15,530
we will yet again use a middleware function
7
00:00:15,530 --> 00:00:17,993
which will come again from an NPM package.
8
00:00:18,890 --> 00:00:21,050
So, let's install that
9
00:00:21,050 --> 00:00:23,293
and it's called helmet.
10
00:00:24,400 --> 00:00:27,800
So this is kind of a standard in express development
11
00:00:27,800 --> 00:00:29,980
so everyone who's building an express app
12
00:00:29,980 --> 00:00:33,550
should always use this helmet package, all right.
13
00:00:33,550 --> 00:00:35,950
Because again, express doesn't use
14
00:00:35,950 --> 00:00:39,030
all the security best practices out of the box.
15
00:00:39,030 --> 00:00:42,730
And so we basically need to manually go ahead
16
00:00:42,730 --> 00:00:45,453
and put them there, okay.
17
00:00:46,960 --> 00:00:49,283
So, const, helmet,
18
00:00:51,060 --> 00:00:52,053
require,
19
00:00:53,780 --> 00:00:54,613
helmet.
20
00:00:55,790 --> 00:00:59,253
Okay and so let's do this right after this one,
21
00:01:00,720 --> 00:01:02,920
and this one couldn't be any easier
22
00:01:02,920 --> 00:01:05,170
all we need to do is call helmet here
23
00:01:06,420 --> 00:01:08,810
and so that will then produce the middleware function
24
00:01:08,810 --> 00:01:12,520
that should be put right here, okay.
25
00:01:12,520 --> 00:01:13,870
So in app.use,
26
00:01:13,870 --> 00:01:17,220
we always need a function, not a function call, right?
27
00:01:17,220 --> 00:01:19,380
So here we are calling this function
28
00:01:19,380 --> 00:01:21,860
and this will then in turn return a function
29
00:01:21,860 --> 00:01:25,450
that's gonna be sitting here until it's called, all right.
30
00:01:25,450 --> 00:01:28,660
And it's best to use this helmet package
31
00:01:28,660 --> 00:01:30,550
early in the middleware stack
32
00:01:30,550 --> 00:01:34,180
so that these headers are really sure to be set, okay.
33
00:01:34,180 --> 00:01:36,370
So don't put it like somewhere at the end
34
00:01:36,370 --> 00:01:37,620
put it right in the beginning
35
00:01:37,620 --> 00:01:40,770
and actually let's put it really here in the beginning
36
00:01:40,770 --> 00:01:45,550
as the first of all middlewares, okay.
37
00:01:45,550 --> 00:01:48,380
And we are really growing our middleware stack here
38
00:01:48,380 --> 00:01:50,713
let's just give each of them a name.
39
00:01:52,180 --> 00:01:54,713
So, security, HTP,
40
00:01:56,210 --> 00:01:57,053
headers.
41
00:01:57,053 --> 00:01:59,810
That of course, not correct.
42
00:01:59,810 --> 00:02:01,490
and too let's actually use a VRP.
43
00:02:01,490 --> 00:02:03,223
Set security HTP,
44
00:02:06,170 --> 00:02:07,180
limit requests
45
00:02:08,789 --> 00:02:10,363
from same API.
46
00:02:11,310 --> 00:02:13,160
Now we here we have this one as well.
47
00:02:15,370 --> 00:02:18,893
So this is development logging basically.
48
00:02:21,570 --> 00:02:24,953
Then this one here is called the body parser.
49
00:02:27,470 --> 00:02:28,740
So basically reading
50
00:02:30,660 --> 00:02:35,323
data from the body into req.body.
51
00:02:36,880 --> 00:02:37,760
Okay.
52
00:02:37,760 --> 00:02:39,360
And actually, since we're here,
53
00:02:39,360 --> 00:02:41,560
let's implement that thing that I mentioned
54
00:02:41,560 --> 00:02:43,030
in the theory lecture
55
00:02:43,030 --> 00:02:45,630
where I said that we can limit the amount of data
56
00:02:45,630 --> 00:02:47,940
that comes in the body.
57
00:02:47,940 --> 00:02:49,430
Remember that?
58
00:02:49,430 --> 00:02:52,740
So, here in json, we can actually specify
59
00:02:52,740 --> 00:02:55,170
some options and for that as always
60
00:02:55,170 --> 00:02:56,800
we pass an object.
61
00:02:56,800 --> 00:02:58,023
And so we here can say,
62
00:02:59,230 --> 00:03:04,150
limit and let's limit it to 10 kilobyte, okay.
63
00:03:04,150 --> 00:03:06,290
And so the package will then understand
64
00:03:06,290 --> 00:03:08,570
it will parse this string here
65
00:03:08,570 --> 00:03:10,920
into a meaningful data, all right?
66
00:03:10,920 --> 00:03:14,760
And so now when we have a body larger than 10 kilobyte
67
00:03:14,760 --> 00:03:17,943
it will basically not be accepted, all right?
68
00:03:19,010 --> 00:03:20,040
Then finally, this one here
69
00:03:20,040 --> 00:03:21,400
is for serving
70
00:03:23,490 --> 00:03:25,780
static files, okay.
71
00:03:25,780 --> 00:03:29,373
And this is finally just like, some test middleware here.
72
00:03:30,380 --> 00:03:33,450
Let's just keep it here because sometimes it's useful.
73
00:03:33,450 --> 00:03:36,330
For example, for taking a look at the headers here
74
00:03:36,330 --> 00:03:38,690
like we did back then.
75
00:03:38,690 --> 00:03:41,540
Okay, so that is helmet.
76
00:03:41,540 --> 00:03:42,820
Let's now do a request
77
00:03:42,820 --> 00:03:45,519
and then take a look at all the headers
78
00:03:45,519 --> 00:03:47,333
that it gives us basically.
79
00:03:48,960 --> 00:03:50,840
So let's send it here
80
00:03:50,840 --> 00:03:53,250
and then now you see we have 14 headers.
81
00:03:53,250 --> 00:03:55,370
So that's a lot more than before
82
00:03:55,370 --> 00:03:58,150
and so the new ones are basically this one here,
83
00:03:58,150 --> 00:03:59,803
prefetch control off.
84
00:04:00,840 --> 00:04:03,363
we have this strict transport security,
85
00:04:04,560 --> 00:04:06,980
you have the download options,
86
00:04:06,980 --> 00:04:10,150
there's also this one here for XSS protection
87
00:04:10,150 --> 00:04:12,470
and so the browser understands these headers
88
00:04:12,470 --> 00:04:15,750
and can then act on them basically, all right.
89
00:04:15,750 --> 00:04:17,180
Let's quickly actually take a look
90
00:04:17,180 --> 00:04:18,913
at the helmet documentation.
91
00:04:23,020 --> 00:04:24,520
So of course as always
92
00:04:24,520 --> 00:04:26,680
that's on GitHub.
93
00:04:26,680 --> 00:04:29,910
And so here you see basically all the middlewares
94
00:04:29,910 --> 00:04:31,160
that are included.
95
00:04:31,160 --> 00:04:32,730
Because helmet is in fact
96
00:04:32,730 --> 00:04:34,843
a collection of multiple middlewares.
97
00:04:37,090 --> 00:04:39,130
So that's actually what is says here.
98
00:04:39,130 --> 00:04:42,040
So it's a collection of 14 smaller middlewares
99
00:04:42,040 --> 00:04:44,890
and some of them are active by default
100
00:04:44,890 --> 00:04:46,470
which are these ones here
101
00:04:46,470 --> 00:04:48,620
marked like this.
102
00:04:48,620 --> 00:04:49,800
And so if you're interested,
103
00:04:49,800 --> 00:04:52,490
you can take a look at all of these others
104
00:04:52,490 --> 00:04:54,800
and then if you think you need some of them
105
00:04:54,800 --> 00:04:57,770
you can of course then turn it on specifically.
106
00:04:57,770 --> 00:05:00,330
and it tells you how to do that
107
00:05:00,330 --> 00:05:03,390
also up here in the documentation, okay.
108
00:05:03,390 --> 00:05:05,630
But I'm fine just with the default options
109
00:05:06,510 --> 00:05:08,520
And so...
110
00:05:08,520 --> 00:05:10,630
Now, that was actually very simple
111
00:05:10,630 --> 00:05:13,773
and so let's now quickly move on to the next video.
8061
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.