From baf19322664e4f17d2ce83a4edc1c6173811cbfd Mon Sep 17 00:00:00 2001
From: pieterjan84 <pieterjan84@users.noreply.github.com>
Date: Mon, 29 Nov 2021 15:53:54 +0100
Subject: [PATCH] added helmet

---
 package.json   | 1 +
 src/api/api.ts | 2 ++
 yarn.lock      | 5 +++++
 3 files changed, 8 insertions(+)

diff --git a/package.json b/package.json
index 7d223d49..f2bd5309 100644
--- a/package.json
+++ b/package.json
@@ -42,6 +42,7 @@
     "ejs": "^3.1.6",
     "express": "^4.17.1",
     "express-validator": "^6.13.0",
+    "helmet": "^4.6.0",
     "inversify": "^5.1.1",
     "lru-cache": "^6.0.0",
     "moment": "^2.24.0",
diff --git a/src/api/api.ts b/src/api/api.ts
index 47f42e07..e855de84 100644
--- a/src/api/api.ts
+++ b/src/api/api.ts
@@ -23,10 +23,12 @@ import { getDateFromParam } from '../shared/utilities/getDateFromParam';
 import { subscriptionRouter } from '../network-event-notifications/infrastructure/http/SubscriptionRouter';
 import * as bodyParser from 'body-parser';
 import { Server } from 'net';
+import helmet = require('helmet');
 
 let server: Server;
 const api = express();
 api.use(bodyParser.json());
+api.use(helmet());
 
 const setup = async (): Promise<{ config: Config; kernel: Kernel }> => {
 	const configResult = getConfigFromEnv();
diff --git a/yarn.lock b/yarn.lock
index 8bf19576..3ccceb6e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2297,6 +2297,11 @@ has@^1.0.3:
   dependencies:
     function-bind "^1.1.1"
 
+helmet@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/helmet/-/helmet-4.6.0.tgz#579971196ba93c5978eb019e4e8ec0e50076b4df"
+  integrity sha512-HVqALKZlR95ROkrnesdhbbZJFi/rIVSoNq6f3jA/9u6MIbTsPh3xZwihjeI5+DO/2sOV6HMHooXcEOuwskHpTg==
+
 highlight.js@^10.7.1:
   version "10.7.3"
   resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.7.3.tgz#697272e3991356e40c3cac566a74eef681756531"