Information Security with HelmetJS - Hide Potentially Dangerous Information Using helmet.hidePoweredBy()

Tell us what’s happening:

I was required to Use the helmet.hidePoweredBy() middleware to remove the X-Powered-By header. I have expressed it as, app.use (helmet.hidePoweredBy()); which according to forums is correct but I still get the error of // running tests

  1. helmet.hidePoweredBy() middleware should be mounted correctly
    // tests completed
    Tests
    Failed:1. helmet.hidePoweredBy() middleware should be mounted correctly, what could be the issue?

###Your project link(s)

solution: https://3000-freecodecam-boilerplate-3c063vm3xy3.ws-eu117.gitpod.io

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Challenge Information:

Information Security with HelmetJS - Hide Potentially Dangerous Information Using helmet.hidePoweredBy()

Please offer assistance to what i may be doing wrong

Please read the help provided on the challenge.

Learn how to share your Gitpod workspace to get help.


Make sure you didn’t update the helmetjs dependency. The API has changed in newer versions.

https://freecodecam-boilerplate-dloejknqruc.ws-eu117.gitpod.io, that is the link to my shared my workspace, i have checked and run the 3.23.3 version, then updated it to 4+ version and matched the code to the 4+ version and still nothing before finally just taking back to the 3.23.3 version and still nothing, am honestly out of ideas. Thanks for you help.

You do not have the code you said you did in that Gitpod, you have app.use(helmet.frameguard({ action: 'deny' }));

If I add helmet.hidePoweredBy() for the app.use() instead, it passes the test.

this is actually confusing i had it on, but decided to move on to the frameguard problem however the exact code you had entered is what i did but i dont understand why it wasnt working for me. Appreciate it alot though, and yes it passed. Thanks

Glad it has happened for the frame guard as well just like it was please show me what am doing wrong now the app.use(helmet.frameguard({ action:‘deny’ })); is on please look at it and tell me where am wrong so it doesn’t keep happening to me. Thanks. Apologies for the bother.

Go back to the version of helmet that was in the starting boilerplate.

Stop the server first:

npm rm helmet
npm i helmet@3.21.3

Start the server and submit using only app.use(helmet.frameguard({ action: 'deny'})); as the mounted middleware

Ohh alright thought i had actually done that but let me do it again. Thanks alot

Do i need to do this with every single code i need to enter, as it keeps on happening?

if you share the workspace people can enter and vandalize it, you should share a snapshot

1 Like

Do what?

For the dependency you only need to change it one time and then not update it to a newer version.

Why am asking is for the next problem, being to Use helmet.xssFilter() to sanitize input sent to your server, after inputting my code the same issue has occurred so am thinking maybe i have to keep doing it.

You didn’t answer the question.

If it is about the middleware. Then yes, you should only use the asked for middleware, not keep the previous one.

1 Like

Yeah that was my error, as i hadn’t expected to keep mounting only one middleware per challenge. Thanks a lot. It keeps happening though so I will keep restarting the server whenever it happens

turns out it did happen again :thinking:

You have to restart the server every time you change the code.

You can add --watch to the npm start script to have it auto restart on code changes (after you save).

"start": "node --watch myApp.js"

This is a tad frustrating, as now when I restart the server it still refuses to pass the challenge.

The code you have is passing the related challenge step.

Make sure you do not have multiple servers running. Stop the server, close any extra terminals listed in the lower right panel, start it again using the npm start script. If the server was started using the correct script the terminal will show the server restarting on file save.

1 Like

let me go ahead and try that, i also added the --watch to my script so i hope it wont occur again. Thanks