Complete the code to import Helmet in a Node.js Express app.
const express = require('express'); const helmet = require('[1]'); const app = express();
The helmet package is imported by requiring 'helmet'. This allows you to use Helmet middleware in your Express app.
Complete the code to use Helmet middleware in the Express app.
const express = require('express'); const helmet = require('helmet'); const app = express(); app.[1](helmet());
app.listen() instead of app.use().app.get() or app.post() for middleware.Use app.use() to add Helmet as middleware so it runs on every request.
Fix the error in the code to set a custom Content Security Policy with Helmet.
const helmet = require('helmet'); app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: [[1]], } }));
The directive values must be strings with quotes, like 'self', to be valid in Helmet's Content Security Policy.
Fill both blanks to disable the Cross-Origin Embedder Policy and Cross-Origin Opener Policy in Helmet.
app.use(helmet({
crossOriginEmbedderPolicy: [1],
crossOriginOpenerPolicy: [2]
}));Setting these options to false disables those specific security policies in Helmet.
Fill all three blanks to create a Helmet middleware that sets a custom Referrer Policy and enables DNS Prefetch Control.
app.use(helmet({
referrerPolicy: { policy: '[1]' },
dnsPrefetchControl: { allow: [2] },
frameguard: { action: '[3]' }
}));Setting referrerPolicy to 'no-referrer' hides referrer info. Setting dnsPrefetchControl allow to true enables it. Setting frameguard action to 'deny' blocks framing.