Helmet frameguard Middleware

I am trying to complete the helmetjs section in the Information Security course.
In Mitigate the Risk of Clickjacking with helmet.frameguard(), I fail the test: "helmet.frameguard() middleware should be mounted correctly (Test timed out)"

solution: https://replit.com/@intjcodinghard/boilerplate-infosec

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36.

Challenge: Mitigate the Risk of Clickjacking with helmet.frameguard()

Link to the challenge:

First, make sure you are using the live link, in your case that’s https://boilerplate-infosec--intjcodinghard.repl.co/. The good news is that your code is actually correct.

Second, you can remove the frameguard dependency in your package.json and then pin helmet to version 3.21.3 with helmet: "3.21.3". The tests on these projects expect very specific output from very specific versions of the dependencies. Other versions of helmet may work, but I don’t think any version 4 or up will. That should get you passing.

If you are curious, you can find the error yourself by adding

  console.log({headers: hObj, appStack: appMainRouteStack });

right before the res.json() in the /app-info route in server.js (ignoring the don’t edit this file warning) and it will print the information the test is asserting against. Newer versions of helmet do not have frameguard in the appStack part while older ones do.
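Added example, not part of the original thread and not the course's or helmet's code: it contrasts a name-based check of the middleware stack (the kind of appStack data the reply above prints) with a check of the header a browser actually enforces. The middleware factory, the tiny stack runner and the name someOtherName are constructed stand-ins; the one assumption taken from Express is that each stack layer is labelled with the handler function's name.

```javascript
// Stand-in for a middleware that sets the anti-framing header (not helmet's code).
function makeFrameOptions(name, action) {
  const mw = function (req, res, next) {
    res.setHeader('X-Frame-Options', action);
    next();
  };
  // Express labels each stack layer with the handler function's name.
  Object.defineProperty(mw, 'name', { value: name });
  return mw;
}

// Minimal response object and runner so the sketch needs no dependencies.
function runStack(stack) {
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k.toLowerCase()] = v; } };
  let i = 0;
  const next = () => { const mw = stack[i++]; if (mw) mw({}, res, next); };
  next();
  return headers;
}

// Check 1: name-based, brittle across dependency versions.
function mountedByName(stack, expected) {
  return stack.map((mw) => mw.name).includes(expected);
}

// Check 2: behaviour-based, inspects what the browser would act on.
function framingDenied(headers) {
  const xfo = (headers['x-frame-options'] || '').toUpperCase();
  const csp = headers['content-security-policy'] || '';
  return xfo === 'DENY' || /frame-ancestors\s+'none'/i.test(csp);
}

function compare(stack) {
  return {
    byName: mountedByName(stack, 'frameguard'),
    byHeader: framingDenied(runStack(stack)),
  };
}

// Constructed sample stacks.
const oldStyle = [makeFrameOptions('frameguard', 'DENY')];
const renamed = [makeFrameOptions('someOtherName', 'DENY')]; // hypothetical name
const missing = [];

console.log(compare(oldStyle), compare(renamed), compare(missing));
```

The renamed stack fails the name check while still denying framing, which is why a test keyed to middleware names needs a pinned dependency version, whereas a header check holds regardless of how the middleware is named.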
