From 8ad2f3cb49f3e4ba93de4d850e1ffddd4226ffe8 Mon Sep 17 00:00:00 2001
From: apostolof <apotwohd@gmail.com>
Date: Thu, 4 Feb 2021 23:27:38 +0200
Subject: [PATCH] refactor: add helmet for protection

---
 packages/concordia-contracts-provider/package.json | 1 +
 packages/concordia-contracts-provider/src/index.js | 2 ++
 yarn.lock                                          | 5 +++++
 3 files changed, 8 insertions(+)

diff --git a/packages/concordia-contracts-provider/package.json b/packages/concordia-contracts-provider/package.json
index 9c2234e..f9eacb7 100755
--- a/packages/concordia-contracts-provider/package.json
+++ b/packages/concordia-contracts-provider/package.json
@@ -13,6 +13,7 @@
     "esm": "~3.2.25",
     "express": "^4.17.1",
     "express-async-handler": "^1.1.4",
+    "helmet": "^4.4.1",
     "lodash": "^4.17.20",
     "multer": "^1.4.2",
     "multiparty": "^4.2.2"
diff --git a/packages/concordia-contracts-provider/src/index.js b/packages/concordia-contracts-provider/src/index.js
index 0d8ddf4..605d10c 100755
--- a/packages/concordia-contracts-provider/src/index.js
+++ b/packages/concordia-contracts-provider/src/index.js
@@ -1,5 +1,6 @@
 import express from 'express';
 import cors from 'cors';
+import helmet from 'helmet';
 import initRoutes from './routes/web';
 import constants from './constants';
 
@@ -17,6 +18,7 @@ const corsOptions = {
 
 app.use(express.urlencoded({ extended: true }));
 app.use(cors(corsOptions));
+app.use(helmet());
 
 initRoutes(app);
 
diff --git a/yarn.lock b/yarn.lock
index 5fe663c..c971c61 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7716,6 +7716,11 @@ heap@~0.2.6:
   resolved "https://registry.yarnpkg.com/heap/-/heap-0.2.6.tgz#087e1f10b046932fc8594dd9e6d378afc9d1e5ac"
   integrity sha1-CH4fELBGky/IWU3Z5tN4r8nR5aw=
 
+helmet@^4.4.1:
+  version "4.4.1"
+  resolved "https://registry.yarnpkg.com/helmet/-/helmet-4.4.1.tgz#a17e1444d81d7a83ddc6e6f9bc6e2055b994efe7"
+  integrity sha512-G8tp0wUMI7i8wkMk2xLcEvESg5PiCitFMYgGRc/PwULB0RVhTP5GFdxOwvJwp9XVha8CuS8mnhmE8I/8dx/pbw==
+
 hex-color-regex@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/hex-color-regex/-/hex-color-regex-1.1.0.tgz#4c06fccb4602fe2602b3c93df82d7e7dbf1a8a8e"