// running tests
Prevent the client from trying to guess / sniff the MIME type.
Prevent cross-site scripting (XSS) attacks.
Nothing from the website is cached in the client.
The headers say that the site is powered by “PHP 7.4.3” even though it isn’t (as a security measure).
// tests completed
Trying to complete this project and this is the last couple of pieces I have to do too accomplish it I hope you can direct me in the right direction. 
The Helmet.js section of the curriculum should have all that information (and the lib docs).
Also, we can’t help you with your code without seeing it.
require(“dotenv”).config();
const express = require(“express”);
const bodyParser = require(“body-parser”);
const socket = require(“socket.io”);
const helmet = require(“helmet”);
const nocache = require(“nocache”);
const cors = require(‘cors’);
const fccTestingRoutes = require(“./routes/fcctesting.js”);
const runner = require(“./test-runner.js”);
const app = express();
app.use(
helmet({
noSniff: true,
xssFilter: true,
hidePoweredBy: {
setTo: “PHP 7.4.3”,
}
})
);
app.use(nocache());
app.use(cors({ origin: ‘*’ })); //For FCC testing purposes only
app.use(“/public”, express.static(process.cwd() + “/public”));
app.use(“/assets”, express.static(process.cwd() + “/assets”));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
// Index page (static HTML)
app.route(“/”).get(function (req, res) {
res.sendFile(process.cwd() + “/views/index.html”);
});
//For FCC testing purposes
fccTestingRoutes(app);
// 404 Not Found Middleware
app.use(function (req, res, next) {
res.status(404).type(“text”).send(“Not Found”);
});
const portNum = process.env.PORT || 3000;
// Set up server and tests
const server = app.listen(portNum, () => {
console.log(Listening on port ${portNum});
if (process.env.NODE_ENV === “test”) {
console.log(“Running Tests…”);
setTimeout(function () {
try {
runner.run();
} catch (error) {
console.log(“Tests are not valid:”);
console.error(error);
}
}, 1500);
}
});
// Socket.io setup:
// Start app and bind
// Socket.io to the same port
const io = socket(server);
const Collectible = require(“./public/Collectible”);
const { generateStartPos, canvasCalcs } = require(“./public/canvas-data”);
let currPlayers = ;
const destroyedCoins = ;
const generateCoin = () => {
const rand = Math.random();
let coinValue;
if (rand < 0.6) {
coinValue = 1;
} else if (rand < 0.85) {
coinValue = 2;
} else {
coinValue = 3;
}
return new Collectible({
x: generateStartPos(
canvasCalcs.playFieldMinX,
canvasCalcs.playFieldMaxX,
5
),
y: generateStartPos(
canvasCalcs.playFieldMinY,
canvasCalcs.playFieldMaxY,
5
),
value: coinValue,
id: Date.now(),
});
};
let coin = generateCoin();
io.sockets.on(“connection”, (socket) => {
console.log(New connection ${socket.id});
socket.emit(“init”, { id: socket.id, players: currPlayers, coin });
socket.on(“new-player”, (obj) => {
obj.id = socket.id;
currPlayers.push(obj);
socket.broadcast.emit(“new-player”, obj);
});
socket.on(“move-player”, (dir, obj) => {
const movingPlayer = currPlayers.find((player) => player.id === socket.id);
if (movingPlayer) {
movingPlayer.x = obj.x;
movingPlayer.y = obj.y;
socket.broadcast.emit("move-player", {
id: socket.id,
dir,
posObj: { x: movingPlayer.x, y: movingPlayer.y },
});
}
});
socket.on(“stop-player”, (dir, obj) => {
const stoppingPlayer = currPlayers.find(
(player) => player.id === socket.id
);
if (stoppingPlayer) {
stoppingPlayer.x = obj.x;
stoppingPlayer.y = obj.y;
socket.broadcast.emit("stop-player", {
id: socket.id,
dir,
posObj: { x: stoppingPlayer.x, y: stoppingPlayer.y },
});
}
});
socket.on(“destroy-item”, ({ playerId, coinValue, coinId }) => {
if (!destroyedCoins.includes(coinId)) {
const scoringPlayer = currPlayers.find((obj) => obj.id === playerId);
const sock = io.sockets.connected[scoringPlayer.id];
scoringPlayer.score += coinValue;
destroyedCoins.push(coinId);
// Broadcast to all players when someone scores
io.emit("update-player", scoringPlayer);
// Communicate win state and broadcast losses
if (scoringPlayer.score >= 100) {
sock.emit("end-game", "win");
sock.broadcast.emit("end-game", "lose");
}
// Generate new coin and send it to all players
coin = generateCoin();
io.emit("new-coin", coin);
}
});
socket.on(“disconnect”, () => {
socket.broadcast.emit(“remove-player”, socket.id);
currPlayers = currPlayers.filter((player) => player.id !== socket.id);
});
});
module.exports = app; // For testing
This is my code for server.js and I seem to be passing some of the test besides the last four functional test. How can you help me to pass the last four test? 
// running tests
Prevent the client from trying to guess / sniff the MIME type.
Prevent cross-site scripting (XSS) attacks.
Nothing from the website is cached in the client.
The headers say that the site is powered by “PHP 7.4.3” even though it isn’t (as a security measure).
// tests completed
// console output
[TypeError: Failed to fetch]
[TypeError: Failed to fetch]
[TypeError: Failed to fetch]
[TypeError: Failed to fetch]
This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.