Information Security Projects - Secure Real Time Multiplayer Game

Tell us what’s happening:

The failing Tests are the last 4 security tests.I have carefully implemented all required security headers using Express and Helmet, verified the headers via browser DevTools and curl, and tested the project both locally and on Replit using different Node.js versions. Despite the headers appearing correctly in network requests, the FreeCodeCamp test suite continues to mark these tests as failed.

Your code so far

image685×137 3.19 KB

image1067×240 22.8 KB

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Challenge Information:

Information Security Projects - Secure Real Time Multiplayer Game

Welcome to the forum @haythemfarhat6

The syntax for the PHP one doesn’t look right.

See if you can find a different implementation.

Happy coding

Hi @Teller thank you for your reply,
Regarding the X-Powered-By header, I am using Helmet v3.22.0, which is the version required by this project’s boilerplate.
With this version, the correct and documented syntax is:

app.use(helmet.hidePoweredBy({ setTo: ‘PHP 7.4.3’ }));

This header is correctly applied and can be verified both in DevTools and via curl, where X-Powered-By: PHP 7.4.3 is present in the response.

image830×417 18.2 KB

However I think I found a problem but I’m not sure about it when calling /_api/app-info, the request fails with a 500 error. The stack trace points to this line in routes/fcctesting.js:

Object.keys(res._headers)

That’s because in recent versions of Express / Node.js, res._headers is no longer available, which causes the tests to crash before they can actually read the headers.
Maybe this is the main problem .