Tell us what’s happening:
It keeps saying helmet.frameguard() middleware should be mounted correctly, and I did what was in the instruction. Please, what is wrong?
Your project link(s)
solution: boilerplate-infosec - Replit
Your browser information:
User Agent is:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/22.214.171.124 Safari/537.36
Challenge: Information Security with HelmetJS - Mitigate the Risk of Clickjacking with helmet.frameguard()
Link to the challenge:
@lasjorg I notice the tests make a call to a /_api/app-info route on the submitted url and check for frameguard. This user’s app returns:
I pulled down the boilerplate and updated myApp.js accordingly and see the following which passes the tests:
One thing I did differently locally was to merge the changes of the outstanding PR on the boilerplate, so it could be a difference in the
@ochebarnnas12345 As a test, delete your node_modules folder with rm -rf node_modules and delete package-lock.json. Then run npm install and run the app again before submitting your live project url.
NOTE: You do not need the extra
Pretty sure it’s the caret in front of the version number ^3.21.3 in the package.json that is making it install version 3.23.3 which likely also updated the lock file. If you fork it even if you correct the version it will still install
@ochebarnnas12345 you can still follow @RandellDawson's suggestion but you have to also correct the version in the package.json to not have a ^ in front of it.
Thanks @RandellDawson! I had the same problem as OP and your solution resolved it.
Downgrading Helmet to 2.3.0, according to the temporary solution provided here (Information security with HelmetJS #lesson-2 - #4 by ganeshh123), seems to work as well.
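
The caret behaviour discussed in this thread, as an added example that is not part of any post or of the boilerplate: a small check showing that 3.23.3 falls inside the range ^3.21.3 but not inside an exact pin, plus a scan that lists dependencies left on a floating range. The function names and the sample package.json fragment are constructed for illustration; only plain x.y.z versions are handled.

```javascript
// Added example: minimal caret-range check, no npm packages required.
// Handles plain "x.y.z" versions only (no prerelease tags or partial ranges).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Upper bound for ^x.y.z: bump the left-most non-zero component.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True if `version` is allowed by `spec` ("^x.y.z" or exact "x.y.z").
function satisfies(spec, version) {
  const v = parseVersion(version);
  if (!spec.startsWith("^")) return compare(parseVersion(spec), v) === 0;
  const low = parseVersion(spec.slice(1));
  return compare(v, low) >= 0 && compare(v, caretUpperBound(low)) < 0;
}

// List dependencies whose spec is not an exact x.y.z pin.
function floatingDependencies(pkg) {
  return Object.entries(pkg.dependencies || {})
    .filter(([, spec]) => !/^\d+\.\d+\.\d+$/.test(spec))
    .map(([name, spec]) => `${name}@${spec}`);
}

// Constructed package.json fragment; helmet versions are those named in the thread,
// "some-other-dep" is a made-up name standing in for an already pinned package.
const samplePkg = { dependencies: { helmet: "^3.21.3", "some-other-dep": "1.0.0" } };

console.log(floatingDependencies(samplePkg));
console.log(satisfies("^3.21.3", "3.23.3"));
console.log(satisfies("3.21.3", "3.23.3"));
```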