From b294ac28b1dfdba042702407b16af80066d1aa54 Mon Sep 17 00:00:00 2001
From: Cogent Apps <cogentapps@fastmail.com>
Date: Fri, 17 Mar 2023 19:03:50 +0000
Subject: [PATCH] add helmet

---
 server/package.json | 2 ++
 server/src/index.ts | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/server/package.json b/server/package.json
index 5da2fde..3ce8e63 100644
--- a/server/package.json
+++ b/server/package.json
@@ -18,6 +18,7 @@
     "@types/express": "^4.17.17",
     "@types/express-rate-limit": "^6.0.0",
     "@types/express-session": "^1.17.6",
+    "@types/helmet": "^4.0.0",
     "@types/node": "^18.14.4",
     "@types/passport": "^1.0.12",
     "@types/passport-local": "^1.0.35",
@@ -37,6 +38,7 @@
     "express-openid-connect": "^2.12.1",
     "express-rate-limit": "^6.7.0",
     "express-session": "^1.17.3",
+    "helmet": "^6.0.1",
     "idb-keyval": "^6.2.0",
     "jsonwebtoken": "^9.0.0",
     "jwks-rsa": "^3.0.1",
diff --git a/server/src/index.ts b/server/src/index.ts
index e6eee6e..df4ff94 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -49,6 +49,9 @@ export default class ChatServer {
     }
 
     async initialize() {
+        const { default: helmet } = await import('helmet');
+        this.app.use(helmet());
+
         this.app.use(express.urlencoded({ extended: false }));
 
         if (process.env.AUTH0_CLIENT_ID && process.env.AUTH0_ISSUER && process.env.PUBLIC_URL) {