From afb0f973c820e4dd0028595fc314bb9b29a87ac9 Mon Sep 17 00:00:00 2001
From: Yutaka Yamaguchi <yyamaguchi@sixapart.com>
Date: Sun, 30 Mar 2014 14:38:00 +0900
Subject: [PATCH] use helmet module to more secure application

Helmet module is the middleware to add security headers for Application.
I think these headers is so important for security that we should also use in MEAN.js.

We need to install the latest one from github currently because it looks old on the npm site.
The old one is not working on my local MEAN.js stack.
---
 config/express.js | 3 +++
 package.json      | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/express.js b/config/express.js
index d83ee8fb92..a7c5877371 100755
--- a/config/express.js
+++ b/config/express.js
@@ -10,6 +10,7 @@ var express = require('express'),
 	config = require('./config'),
 	consolidate = require('consolidate'),
 	path = require('path'),
+	helmet = require('helmet'),
 	utilities = require('./utilities');
 
 module.exports = function(db) {
@@ -98,6 +99,8 @@ module.exports = function(db) {
 	// connect flash for flash messages
 	app.use(flash());
 
+	app.use(helmet.defaults());
+
 	// routes should be at the last
 	app.use(app.router);
 
diff --git a/package.json b/package.json
index 1f18533428..7421ae3256 100755
--- a/package.json
+++ b/package.json
@@ -33,7 +33,8 @@
 		"lodash": "~2.4.1",
 		"forever": "~0.10.11",
 		"bower": "~1.3.1",
-		"grunt-cli": "~0.1.13"
+		"grunt-cli": "~0.1.13",
+		"helmet": "git://github.com/evilpacket/helmet.git"
 	},
 	"devDependencies": {
 		"supertest": "~0.9.0",