From ed017e86fe52eba45d587939c2799e6809332734 Mon Sep 17 00:00:00 2001
From: joswambugu
Date: Wed, 16 Sep 2020 16:19:43 +0300
Subject: [PATCH] added helmet middleware
---
 README.md | 3 ++-
 app.js | 4 +++-
 package.json | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 660365d2f..f4e625c99 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ To get the Node server running locally:
 - Install MongoDB Community Edition ([instructions](https://docs.mongodb.com/manual/installation/#tutorials)) and run it by executing `mongod`
 - `npm run dev` to start the local server

-Alternately, to quickly try out this repo in the cloud, you can [![Remix on Glitch](https://cdn.glitch.com/2703baf2-b643-4da7-ab91-7ee2a2d00b5b%2Fremix-button.svg)](https://glitch.com/edit/#!/remix/realworld)
+Alternately, to quickly try out this repo in the cloud with ease, you can head over to[![Remix on Glitch](https://cdn.glitch.com/2703baf2-b643-4da7-ab91-7ee2a2d00b5b%2Fremix-button.svg)](https://glitch.com/edit/#!/remix/realworld)

 # Code Overview

@@ -30,6 +30,7 @@ Alternately, to quickly try out this repo in the cloud, you can [![Remix on Glit
 - [mongoose-unique-validator](https://github.com/blakehaswell/mongoose-unique-validator) - For handling unique validation errors in Mongoose. Mongoose only handles validation at the document level, so a unique index across a collection will throw an exception at the driver level. The `mongoose-unique-validator` plugin helps us by formatting the error like a normal mongoose `ValidationError`.
 - [passport](https://github.com/jaredhanson/passport) - For handling user authentication
 - [slug](https://github.com/dodo/node-slug) - For encoding titles into a URL-friendly format
+-[helmet](https://github.com/helmetjs/helmet) -Helmet helps you secure your Express apps by setting various HTTP headers. It's not a silver bullet, but it can help!

 ## Application Structure

diff --git a/app.js b/app.js
index 460baa408..71ab57aee 100644
--- a/app.js
+++ b/app.js
@@ -8,6 +8,7 @@ var http = require('http'),
 passport = require('passport'),
 errorhandler = require('errorhandler'),
 mongoose = require('mongoose');
+ helmet =require('helmet');

 var isProduction = process.env.NODE_ENV === 'production';

@@ -15,7 +16,8 @@ var isProduction = process.env.NODE_ENV === 'production';
 var app = express();

 app.use(cors());
-
+//Protect routes
+app.use(helmet());
 // Normal express config defaults
 app.use(require('morgan')('dev'));
 app.use(bodyParser.urlencoded({ extended: false }));
diff --git a/package.json b/package.json
index 617e65513..e187d2261 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,8 @@
 "passport-local": "1.0.0",
 "request": "2.69.0",
 "slug": "0.9.1",
- "underscore": "1.8.3"
+ "underscore": "1.8.3",
+ "helmet":"4.1.1"
 },
 "devDependencies": {
 "newman": "^3.8.2",
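Review bot: In the first app.js hunk, `helmet =require('helmet');` is added after `mongoose = require('mongoose');`, and that context line ends in a semicolon, so the `var` list is already closed and `helmet` is assigned as an implicit global rather than declared. This runs in sloppy mode but throws a ReferenceError once the file is loaded under `'use strict'` or as an ES module, and it leaves the binding writable from any other module. Continue the declaration instead: end the previous line with a comma, `mongoose = require('mongoose'),`, and add `helmet = require('helmet');`. The `var` statement starts above the hunk, so only its tail is visible here.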
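Review bot: In the second app.js hunk, `app.use(helmet());` is registered after `app.use(cors());`, so any response the cors middleware finishes itself (with the package defaults, preflight `OPTIONS` requests) would go out without helmet's headers; registering helmet first, `app.use(helmet());` then `app.use(cors());`, covers every response. The comment `//Protect routes` also overstates what the call does: helmet only sets HTTP response headers and performs no authentication or input checks, so `// Set security-related HTTP response headers` is more accurate. helmet() is called with its defaults, which in the 4.x line appear to include a Content-Security-Policy header, so it is worth confirming those defaults suit everything this app serves besides JSON.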
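Review bot: The diffstat lists only README.md, app.js and package.json, so `"helmet":"4.1.1"` is added without any lockfile change; if the repository commits a package-lock.json or yarn.lock, it should be regenerated in the same commit so the resolved helmet tarball and its integrity hash are pinned along with the version. For consistency with the neighbouring entries, write the line as `"helmet": "4.1.1"`.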