Skip to content

Issue: Missing HTTP Security Headers (Helmet) #184

Description

@NahomAlemu

Description

The backend does not use the helmet middleware, leaving it vulnerable to common web attacks.

File: nsc-events-nestjs/src/main.ts

Missing Security Headers:

Header Purpose
X-Content-Type-Options Prevents MIME-type sniffing
X-Frame-Options Prevents clickjacking
Strict-Transport-Security Enforces HTTPS
X-XSS-Protection XSS attack mitigation
Content-Security-Policy Prevents code injection

Tasks

Tasks:

  • npm install helmet, import helmet from 'helmet'; app.use(helmet());

Visual Aids

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestsecurityVulnerability patches, encryption, or access control

    Type

    Fields

    No fields configured for Task.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions