[Done] Hide Potentially Dangerous Information Using helmet.hidePoweredBy()

[Done] Hide Potentially Dangerous Information Using helmet.hidePoweredBy()
0

#1

As per the first challenge, I installed helmetJS

	"dependencies": {
		"express": "^4.14.0",
    "helmet": "^3.12.1"
	},

and then required it:

var helmet = require('helmet');

But when I run:

app.use(helmet.hidePoweredBy());

I get the following error from the freeCodeCamp page:
// running test
expected ‘Express’ to not equal ‘Express’
// tests completed

I’m inclined to think I’ve made a mistake rather than there being a glitch, but I copy and pasted the code from the module’s page on github. I’ve tried using a few different versions of the package, but no luck there.

Any thoughts?


#2

I’m guessing there was a backend glitch that got fixed. I went back today, ran the same code and it passed.


#3

First please share the challenge code, plus the full code you tried and failed.

Beside
This could be about one very small issue(but I’m not sure), my guess, since another user had the same issue recently, you may check it here

This could be becasue you copied some text which is based on UTF-8, and the test expected ASCII, you may remove following

"dependencies": {
		"express": "^4.14.0",
    "helmet": "^3.12.1"
	},

And just type it(no copy paste), hope this help.


#4

Thanks for getting back to me.

I mentioned it above, but coming back to the same challenge two days later, the code ran and passed the test on the first try. I ran it 2-3 more times to make sure it’s not a fluke. Maybe something got updated in the intervening time?

I will keep your comments in mind though for future problems!


#5

Same issue here. It wasn’t passing with the same error log then I tried again 5 minutes later and it worked.


#6

That is good to hear :slight_smile: anyway I opened a Support request in order to try to raise the issue to the team, if you want to follow it…


#7

Express provides an option to simply turn off powered by

app.disable('x-powered-by')

#8

I had the same issue. I just reloaded my Glitch page and then reloaded the site preview. Once I did that, the URL passed the test.

However, I went to view the headers after adding that code and I’m still able to see the “x-powered-by: Express” header within Chrome dev tools. Any ideas on why this is the case? Is it because the tools are picking up that Glitch is powered by Express perhaps?

Link to project:
https://is-with-helmetjs.glitch.me/


#9

I just completed this challenge and wanted to add my experience to help others who may have difficulty.

Despite many reloads, I was unable to set the “x-powered-by” field in the header to nothing using helmet.hidePoweredBy().

I had to set the “x-powered-by” field to something else in order to pass the freeCodeCamp challenge. I used helmet.hidePoweredBy({ setTo: ‘PHP 4.2.0’ }) to make it appear as an Apache server.


#10

Interesting issue.
When I entered the following in my Glitch app,
app.use(helmet.hidePoweredBy());

Firefox developer tools showed ‘x-powered-by: Express’.

Yet, when I entered this in my app,
app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }));

I see ‘x-powered-by: PHP 4.2.0’.