Test failing with correct implementation

Tell us what’s happening:

fetch("my-heroku-url-here").then(response => {
    console.log(response.headers.get("X-Powered-By") === "Express") // prints false
    console.log(response.headers.get("X-Powered-By")) // prints null
    console.log(response.headers.get("Server")) // prints Cowboy
})

But the test is failing nontheless.
I get the message

// running tests
helmet.hidePoweredBy() middleware should be mounted correctly
// tests completed

Solution:

const express = require('express');
const helmet = require("helmet")

const app = express();
app.use(helmet.hidePoweredBy())

Your project link(s)

Github: GitHub - SimpleCookie/fcc-infosec at helmet-2

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0

Challenge: Hide Potentially Dangerous Information Using helmet.hidePoweredBy()

Link to the challenge:

Did you configure Heroku to use myApp.js and not server.js? I would start looking into ways to verify that the test is using myApp.js and not server.js.

yes as you can see on the github repo I included in the problem description.
I’ve completed 10/14 of the challenges Information Security with HelmetJS, so it’s just this one that’s broken.

Also this code snippet proves my code is working as intended.

fetch("my-heroku-url-here").then(response => {
    console.log(response.headers.get("X-Powered-By") === "Express") // prints false
    console.log(response.headers.get("X-Powered-By")) // prints null
    console.log(response.headers.get("Server")) // prints Cowboy
})

You are using var app = express(); in both myApp.js and server.js so I think you have two instances of express and only of them is using helmet.hidePoweredBy. Is that intentional?

I haven’t touched server.js as the instructions told me to stay away from it, it remains the same as on the original template-repo boilerplate-infosec/ so that shouldn’t be an issue.

I’m getting some weird behavior with this challenge on replit. After server is run, first submission try will fail, but next ones will pass. Is it the same for you?

It definitely is a bit janky for me as well.

Try this. On the submit page open the dev tools F12, go to the Network tab and check the “Disable cache” option at the top, do a hard refresh (Shift + Ctrl + R) now try the submit with the dev tools open.

You can also try using app.disable("x-powered-by") in myApp at the top after the helmetjs middleware as that seems to be the test that was failing for me sometimes.

1 Like

For me, the test is failing constantly regardless whether I’m using Firefox or Chrome. I’ve tried ctrl + shift + R as well, I’ve also tried hosting it on both replit and heroku thinking it might be some hosting issue.

I’m doing great with the other challenges, but just this one in particular is problematic. I’ve tried the app.disable() option as well without success.

Try what I said about the dev tools. Use the “Disable cache” option and keep the dev tools open when submitting.

So I went ahead to give it a try.
First I submitted the link without disabling the cache, and the test failed.
I disabled the cache in dev tools and the test passed.

Would be great if free-code-camp could update the instructions :slight_smile: Perhaps make the instructions open-source. I couldn’t find it on github, else I’d submit a PR.
Thank you :slight_smile:

This is the source for the challenge, with the instructions and tests. If you want to contribute, please read our contributing guidelines first.


Just to be clear, what I posted isn’t instructions, it’s just a possible fix for whatever is going wrong. It shouldn’t be happening. I’m not sure what is going on. I have also seen it pass if you just keep submitting and then suddenly it just works.

1 Like

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.