// running tests helmet.frameguard() middleware should be mounted correctly // tests completed
helmet.frameguard() middleware should be mounted correctly - Failed
helmet.frameguard() ‘action’ should be set to ‘DENY’ - Passed
https://checkered-motley-wilderness.glitch.me
1 Like
Sky020
August 24, 2020, 10:05pm
2
Hello there,
If you are struggling with these challenges, it is likely related to:
opened 05:21AM - 05 Jul 20 UTC
closed 02:58PM - 03 Sep 20 UTC
scope: curriculum
first timers only
<!--
NOTE: If you're reporting a security issue, don't create a GitHub issue. … Instead, email security@freecodecamp.org. We will look into it immediately.
-->
**Describe your problem and how to reproduce it:**
Multiple challenge tests fail for no obvious reasons related to the challenge -
1. Mitigate the Risk of Clickjacking with helmet.frameguard()
2. Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()
3. Disable DNS Prefetching with helmet.dnsPrefetchControl()
**Add a Link to the page with the problem:**
https://glitch.com/edit/#!/busy-rambunctious-tern
this server fails the tests for reasons beyond my understanding.
I tried to replicate the server on a different service and tweak the tests and I still don't understand the cause.
https://repl.it/@obsessedyouth/DiligentAnchoredObservation#package.json
**Tell us about your browser and operating system:**
* Browser Name:
Google Chrome
* Browser Version:
Version 83.0.4103.116 (Official Build) (64-bit)
* Operating System:
Windows 10 Enterprise
**If possible, add a screenshot here (you can drag and drop, png, jpg, gif, etc. in this box):**
The tempory solution is:
In order to pass the test Mitigate the Risk of Clickjacking with helmet.frameguard() i had to go back to version: 2.3.0Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts() i had to use the lastest version atm 3.23.3Disable DNS Prefetching with helmet.dnsPrefetchControl() i had to go back to version 2.3.0
Hope this helps
1 Like
Hello,
For me “cors()” was missing.
Hope this helps!
1 Like