All language subtitles for 021 Setting Security HTTP Headers_Downloadly.ir_en

1
00:00:01,090 --> 00:00:02,080
So, in this video,

2
00:00:02,080 --> 00:00:04,810
we're gonna use yet another NPM package

3
00:00:04,810 --> 00:00:06,320
in order to set a couple of

4
00:00:06,320 --> 00:00:09,523
really important security http headers.

5
00:00:11,150 --> 00:00:12,570
So, to set these headers

6
00:00:12,570 --> 00:00:15,530
we will yet again use a middleware function

7
00:00:15,530 --> 00:00:17,993
which will come again from an NPM package.

8
00:00:18,890 --> 00:00:21,050
So, let's install that

9
00:00:21,050 --> 00:00:23,293
and it's called helmet.

10
00:00:24,400 --> 00:00:27,800
So this is kind of a standard in express development

11
00:00:27,800 --> 00:00:29,980
so everyone who's building an express app

12
00:00:29,980 --> 00:00:33,550
should always use this helmet package, all right.

13
00:00:33,550 --> 00:00:35,950
Because again, express doesn't use

14
00:00:35,950 --> 00:00:39,030
all the security best practices out of the box.

15
00:00:39,030 --> 00:00:42,730
And so we basically need to manually go ahead

16
00:00:42,730 --> 00:00:45,453
and put them there, okay.

17
00:00:46,960 --> 00:00:49,283
So, const, helmet,

18
00:00:51,060 --> 00:00:52,053
require,

19
00:00:53,780 --> 00:00:54,613
helmet.

20
00:00:55,790 --> 00:00:59,253
Okay and so let's do this right after this one,

21
00:01:00,720 --> 00:01:02,920
and this one couldn't be any easier

22
00:01:02,920 --> 00:01:05,170
all we need to do is call helmet here

23
00:01:06,420 --> 00:01:08,810
and so that will then produce the middleware function

24
00:01:08,810 --> 00:01:12,520
that should be put right here, okay.

25
00:01:12,520 --> 00:01:13,870
So in app.use,

26
00:01:13,870 --> 00:01:17,220
we always need a function, not a function call, right?

27
00:01:17,220 --> 00:01:19,380
So here we are calling this function

28
00:01:19,380 --> 00:01:21,860
and this will then in turn return a function

29
00:01:21,860 --> 00:01:25,450
that's gonna be sitting here until it's called, all right.

30
00:01:25,450 --> 00:01:28,660
And it's best to use this helmet package

31
00:01:28,660 --> 00:01:30,550
early in the middleware stack

32
00:01:30,550 --> 00:01:34,180
so that these headers are really sure to be set, okay.

33
00:01:34,180 --> 00:01:36,370
So don't put it like somewhere at the end

34
00:01:36,370 --> 00:01:37,620
put it right in the beginning

35
00:01:37,620 --> 00:01:40,770
and actually let's put it really here in the beginning

36
00:01:40,770 --> 00:01:45,550
as the first of all middlewares, okay.

37
00:01:45,550 --> 00:01:48,380
And we are really growing our middleware stack here

38
00:01:48,380 --> 00:01:50,713
let's just give each of them a name.

39
00:01:52,180 --> 00:01:54,713
So, security, HTP,

40
00:01:56,210 --> 00:01:57,053
headers.

41
00:01:57,053 --> 00:01:59,810
That of course, not correct.

42
00:01:59,810 --> 00:02:01,490
and too let's actually use a VRP.

43
00:02:01,490 --> 00:02:03,223
Set security HTP,

44
00:02:06,170 --> 00:02:07,180
limit requests

45
00:02:08,789 --> 00:02:10,363
from same API.

46
00:02:11,310 --> 00:02:13,160
Now we here we have this one as well.

47
00:02:15,370 --> 00:02:18,893
So this is development logging basically.

48
00:02:21,570 --> 00:02:24,953
Then this one here is called the body parser.

49
00:02:27,470 --> 00:02:28,740
So basically reading

50
00:02:30,660 --> 00:02:35,323
data from the body into req.body.

51
00:02:36,880 --> 00:02:37,760
Okay.

52
00:02:37,760 --> 00:02:39,360
And actually, since we're here,

53
00:02:39,360 --> 00:02:41,560
let's implement that thing that I mentioned

54
00:02:41,560 --> 00:02:43,030
in the theory lecture

55
00:02:43,030 --> 00:02:45,630
where I said that we can limit the amount of data

56
00:02:45,630 --> 00:02:47,940
that comes in the body.

57
00:02:47,940 --> 00:02:49,430
Remember that?

58
00:02:49,430 --> 00:02:52,740
So, here in json, we can actually specify

59
00:02:52,740 --> 00:02:55,170
some options and for that as always

60
00:02:55,170 --> 00:02:56,800
we pass an object.

61
00:02:56,800 --> 00:02:58,023
And so we here can say,

62
00:02:59,230 --> 00:03:04,150
limit and let's limit it to 10 kilobyte, okay.

63
00:03:04,150 --> 00:03:06,290
And so the package will then understand

64
00:03:06,290 --> 00:03:08,570
it will parse this string here

65
00:03:08,570 --> 00:03:10,920
into a meaningful data, all right?

66
00:03:10,920 --> 00:03:14,760
And so now when we have a body larger than 10 kilobyte

67
00:03:14,760 --> 00:03:17,943
it will basically not be accepted, all right?

68
00:03:19,010 --> 00:03:20,040
Then finally, this one here

69
00:03:20,040 --> 00:03:21,400
is for serving

70
00:03:23,490 --> 00:03:25,780
static files, okay.

71
00:03:25,780 --> 00:03:29,373
And this is finally just like, some test middleware here.

72
00:03:30,380 --> 00:03:33,450
Let's just keep it here because sometimes it's useful.

73
00:03:33,450 --> 00:03:36,330
For example, for taking a look at the headers here

74
00:03:36,330 --> 00:03:38,690
like we did back then.

75
00:03:38,690 --> 00:03:41,540
Okay, so that is helmet.

76
00:03:41,540 --> 00:03:42,820
Let's now do a request

77
00:03:42,820 --> 00:03:45,519
and then take a look at all the headers

78
00:03:45,519 --> 00:03:47,333
that it gives us basically.

79
00:03:48,960 --> 00:03:50,840
So let's send it here

80
00:03:50,840 --> 00:03:53,250
and then now you see we have 14 headers.

81
00:03:53,250 --> 00:03:55,370
So that's a lot more than before

82
00:03:55,370 --> 00:03:58,150
and so the new ones are basically this one here,

83
00:03:58,150 --> 00:03:59,803
prefetch control off.

84
00:04:00,840 --> 00:04:03,363
we have this strict transport security,

85
00:04:04,560 --> 00:04:06,980
you have the download options,

86
00:04:06,980 --> 00:04:10,150
there's also this one here for XSS protection

87
00:04:10,150 --> 00:04:12,470
and so the browser understands these headers

88
00:04:12,470 --> 00:04:15,750
and can then act on them basically, all right.

89
00:04:15,750 --> 00:04:17,180
Let's quickly actually take a look

90
00:04:17,180 --> 00:04:18,913
at the helmet documentation.

91
00:04:23,020 --> 00:04:24,520
So of course as always

92
00:04:24,520 --> 00:04:26,680
that's on GitHub.

93
00:04:26,680 --> 00:04:29,910
And so here you see basically all the middlewares

94
00:04:29,910 --> 00:04:31,160
that are included.

95
00:04:31,160 --> 00:04:32,730
Because helmet is in fact

96
00:04:32,730 --> 00:04:34,843
a collection of multiple middlewares.

97
00:04:37,090 --> 00:04:39,130
So that's actually what it says here.

98
00:04:39,130 --> 00:04:42,040
So it's a collection of 14 smaller middlewares

99
00:04:42,040 --> 00:04:44,890
and some of them are active by default

100
00:04:44,890 --> 00:04:46,470
which are these ones here

101
00:04:46,470 --> 00:04:48,620
marked like this.

102
00:04:48,620 --> 00:04:49,800
And so if you're interested,

103
00:04:49,800 --> 00:04:52,490
you can take a look at all of these others

104
00:04:52,490 --> 00:04:54,800
and then if you think you need some of them

105
00:04:54,800 --> 00:04:57,770
you can of course then turn it on specifically.

106
00:04:57,770 --> 00:05:00,330
and it tells you how to do that

107
00:05:00,330 --> 00:05:03,390
also up here in the documentation, okay.

108
00:05:03,390 --> 00:05:05,630
But I'm fine just with the default options

109
00:05:06,510 --> 00:05:08,520
And so...

110
00:05:08,520 --> 00:05:10,630
Now, that was actually very simple

111
00:05:10,630 --> 00:05:13,773
and so let's now quickly move on to the next video.
