JSJ 311: Securing Express Apps with Helmet.js with Evan Hahn

JavaScript Jabber

Content provided by Charles M Wood. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Charles M Wood or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

6y ago 40:16

MP3•Episode home

Charles Max Wood

Special Guests: Evan HahnIn this episode, the JavaScript Jabber panelists discuss securing Express apps with Helmet.js with Evan Hahn. Evan is a developer at Airtable, which is a company that builds spreadsheet applications that are powerful enough that you can make applications with. He has also worked at Braintree, which does payment processing for companies. They talk about what Helmet.js is, when you would want to use it, and why it can help secure your Express apps. They also touch on when you wouldn’t want to use Helmet and the biggest thing that it saves you from in your code.In particular, we dive pretty deep on:

Evan intro
JavaScript
What is Helmet.js?
Node and Express
Why would you use the approach of Middleware?
Helmet is not the only solution
Http headers
Current maintainer of Helmet.js
npm
Has added a lot to the project, but is not the original creator
Outbound HTTP response headers
Helmet doesn’t fully secure your app but it does help secure it
How does using Helmet work?
Are there instances when you wouldn’t want to use Helmet?
No cash middleware
Where do you set the configuration options?
Top level Helmet module
12 modules
What is the biggest thing that Helmet saves you from?
Content security policy code
And much, much more!

Links:

Picks:Charles

Evan

Support this podcast at — https://redcircle.com/javascript-jabber/donations
Privacy & Opt-Out: https://redcircle.com/privacy
Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

688 episodes