{"id":8535,"date":"2018-10-28T21:57:21","date_gmt":"2018-10-28T19:57:21","guid":{"rendered":"https:\/\/www.tomislavstankovic.com\/blog\/?p=8535"},"modified":"2019-01-05T19:45:49","modified_gmt":"2019-01-05T17:45:49","slug":"helmetjs-expressjs","status":"publish","type":"post","link":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/","title":{"rendered":"HelmetJS &#8211; protecting the HTTP headers of Express.js applications"},"content":{"rendered":"<p>Security is one of those things everyone talks about while developing an application, but few take it seriously, or they postpone it for later.<\/p>\n<p>On the other hand, <em>HTTP<\/em> headers are something the users of an <em>Express.js<\/em> application never see, so it is easy for developers to neglect them and treat them as unimportant. Since <strong>headers reveal various pieces of information that people with bad intentions can exploit<\/strong>, it is clear why they, that is, the information they expose, still deserve attention.<\/p>\n<p>One such piece of information is <span class=\"lang:default decode:true  crayon-inline\">X-Powered-By: Express<\/span>, which tells the web browser what runs the application, that is, what it is built on. <em>Helmet.js<\/em> will, among other things, hide this information.<\/p>\n<p>The goal of this blog post is therefore to show how to protect an <em><a href=\"https:\/\/www.tomislavstankovic.com\/blog\/jednostavan-nodejs-expressjs-rest-api\/\" rel=\"noopener\" target=\"_blank\">Express.js<\/a><\/em> application quickly and simply using <em><a href=\"https:\/\/helmetjs.github.io\/\" rel=\"noopener\" target=\"_blank\">Helmet.js<\/a><\/em>, which will not solve every security problem but is nevertheless an <a href=\"https:\/\/www.tomislavstankovic.com\/blog\/expressjs-rate-limit-api-zastita\/\" rel=\"noopener\" target=\"_blank\">excellent start<\/a>.<\/p>\n<h2>What is Helmet.js?<\/h2>\n<p><em><a href=\"https:\/\/helmetjs.github.io\/\" rel=\"noopener\" target=\"_blank\">Helmet.js<\/a><\/em> is a <strong>collection of 14 modules<\/strong> that take care of the <strong>security<\/strong> of <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\" rel=\"noopener\" target=\"_blank\">HTTP headers<\/a>, more precisely <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Response_header\" rel=\"noopener\" target=\"_blank\"><em>response<\/em> headers<\/a>.<\/p>\n<p><a href=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-4-min.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-4-min.jpg\" alt=\"HelmetJS modules\" width=\"587\" height=\"569\" class=\"aligncenter size-full wp-image-8554\" srcset=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-4-min.jpg 587w, https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-4-min-300x291.jpg 300w\" sizes=\"auto, (max-width: 587px) 100vw, 587px\" \/><\/a><\/p>\n<p>7 of the 14 modules are activated with a single line of code<\/p>\n<pre class=\"lang:js decode:true \" >app.use(helmet())<\/pre>\n<p>In addition, every module (not only the default ones) can be activated individually<\/p>\n<pre class=\"lang:js decode:true \" >app.use(helmet.noCache())\r\napp.use(helmet.frameguard())<\/pre>\n<p>or deactivated<\/p>\n<pre class=\"lang:js decode:true \" >app.use(helmet({\r\n  frameguard: false\r\n}))<\/pre>\n<h2>Helmet.js modules<\/h2>\n<p>There are currently 14 modules (the default ones are marked with (\u2713)), and they are the following:<\/p>\n<p>1.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/csp\/\" rel=\"noopener\" target=\"_blank\">contentSecurityPolicy<\/a><\/strong><\/p>\n<blockquote><p>Sets the Content-Security-Policy header which can help protect against malicious injection of JavaScript, CSS, plugins, and more.<\/p><\/blockquote>\n<p>2.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/crossdomain\/\" rel=\"noopener\" target=\"_blank\">crossdomain<\/a><\/strong><\/p>\n<blockquote><p>Prevents Adobe Flash and Adobe Acrobat from loading content on your site.<\/p><\/blockquote>\n<p>3.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/dns-prefetch-control\" rel=\"noopener\" target=\"_blank\">dnsPrefetchControl<\/a><\/strong> (\u2713)<\/p>\n<blockquote><p>This middleware lets you disable browsers\u2019 DNS prefetching by setting the X-DNS-Prefetch-Control header.<\/p><\/blockquote>\n<p>4.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/expect-ct\/\" rel=\"noopener\" target=\"_blank\">expectCt<\/a><\/strong><\/p>\n<blockquote><p>Tells browsers to expect Certificate Transparency. For more about Certificate Transparency and this header, see <a href=\"https:\/\/scotthelme.co.uk\/a-new-security-header-expect-ct\/\" rel=\"noopener\" target=\"_blank\">this blog post<\/a> and the <a href=\"https:\/\/datatracker.ietf.org\/doc\/draft-stark-expect-ct\" rel=\"noopener\" target=\"_blank\">in-progress spec<\/a>.<\/p><\/blockquote>\n<p>5.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/feature-policy\/\" rel=\"noopener\" target=\"_blank\">featurePolicy<\/a><\/strong><\/p>\n<blockquote><p>Lets you restrict which browser features can be used. For example, you can disable fullscreen or vibration APIs.<\/p><\/blockquote>\n<p>6.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/frameguard\/\" rel=\"noopener\" target=\"_blank\">frameguard<\/a><\/strong> (\u2713)<\/p>\n<blockquote><p>Frameguard mitigates clickjacking attacks by setting the X-Frame-Options header.<\/p><\/blockquote>\n<p>7.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/hide-powered-by\" rel=\"noopener\" target=\"_blank\">hidePoweredBy<\/a><\/strong> (\u2713)<\/p>\n<blockquote><p>Removes the X-Powered-By header to make it slightly harder for attackers to see what potentially-vulnerable technology powers your site.<\/p><\/blockquote>\n<p>8.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/hpkp\/\" rel=\"noopener\" target=\"_blank\">hpkp<\/a><\/strong><\/p>\n<blockquote><p>Helps you set the Public-Key-Pins header to prevent person-in-the-middle attacks. Usage of this header (and therefore this middleware) is not recommended. Be very careful when deploying this\u2014you can easily misuse this header and cause problems. Chrome dropped support for HPKP citing risks of misuse.<\/p><\/blockquote>\n<p>9.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/hsts\/\" rel=\"noopener\" target=\"_blank\">hsts<\/a><\/strong> (\u2713)<\/p>\n<blockquote><p>This module sets the Strict-Transport-Security header to keep your users on HTTPS.<\/p><\/blockquote>\n<p>10.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/ienoopen\" rel=\"noopener\" target=\"_blank\">ieNoOpen<\/a><\/strong> (\u2713)<\/p>\n<blockquote><p>This middleware sets the X-Download-Options to prevent Internet Explorer from executing downloads in your site\u2019s context.<\/p><\/blockquote>\n<p>11.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/nocache\/\" rel=\"noopener\" target=\"_blank\">noCache<\/a><\/strong><\/p>\n<blockquote><p>Aims to disable browser caching by setting several headers.<\/p><\/blockquote>\n<p>12.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/dont-sniff-mimetype\" rel=\"noopener\" target=\"_blank\">noSniff<\/a><\/strong> (\u2713)<\/p>\n<blockquote><p>Helps prevent browsers from trying to guess (\u201csniff\u201d) the MIME type, which can have security implications. It does this by setting the X-Content-Type-Options header to nosniff.<\/p><\/blockquote>\n<p>13.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/referrer-policy\" rel=\"noopener\" target=\"_blank\">referrerPolicy<\/a><\/strong><\/p>\n<blockquote><p>Can control the behavior of the Referer header by setting the Referrer-Policy header.<\/p><\/blockquote>\n<p>14.) <strong><a href=\"https:\/\/helmetjs.github.io\/docs\/xss-filter\" rel=\"noopener\" target=\"_blank\">xssFilter<\/a><\/strong> (\u2713)<\/p>\n<blockquote><p>Sets the X-XSS-Protection header to prevent reflected XSS attacks.<\/p><\/blockquote>\n<h2>Creating the project<\/h2>\n<p>I create the project folder <strong>ExpressHelmet<\/strong> and inside it the file <strong><em>server.js<\/em><\/strong><\/p>\n<p><a href=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-3-min.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-3-min.jpg\" alt=\"HelmetJS and Express.js\" width=\"493\" height=\"144\" class=\"aligncenter size-full wp-image-8539\" srcset=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-3-min.jpg 493w, https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-3-min-300x88.jpg 300w\" sizes=\"auto, (max-width: 493px) 100vw, 493px\" \/><\/a><\/p>\n<p>with the following content:<\/p>\n<pre class=\"lang:js decode:true \" title=\"server.js\" >var express = require('express');\r\nvar app = express();\r\n\r\nvar port = process.env.PORT || 8080;\r\n\r\nvar apiRoutes = express.Router();\r\n\r\napiRoutes.get('\/', function(req, res) {\r\n    res.json({ message: 'API radi!' });\r\n});\r\n\r\n\/\/ other GET, POST, PUT and DELETE routes are defined below\r\n\r\n\/\/ all routes are prefixed with '\/api'\r\napp.use('\/api', apiRoutes);\r\n\r\napp.listen(port);\r\nconsole.log('API je pokrenut i koristi port:' + ' ' + port);<\/pre>\n<p>Details on how to create a basic <em>Express.js API<\/em> can be found in the blog post titled <a href=\"https:\/\/www.tomislavstankovic.com\/blog\/jednostavan-nodejs-expressjs-rest-api\/\" rel=\"noopener\" target=\"_blank\">Building a <em>RESTful API<\/em> using <em>Node.js<\/em> and <em>Express.js<\/em><\/a><\/p>\n<p>If I now open the <em>API<\/em> at http:\/\/localhost:8080\/api, the <em><a href=\"https:\/\/developers.google.com\/web\/tools\/chrome-devtools\/network-performance\/reference\" rel=\"noopener\" target=\"_blank\">Network<\/a><\/em> tab of the <em><a href=\"https:\/\/developers.google.com\/web\/tools\/chrome-devtools\/\" rel=\"noopener\" target=\"_blank\">Google Chrome Developer Tools<\/a><\/em> shows the following:<\/p>\n<p><a href=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-1-min.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-1-min.jpg\" alt=\"HelmetJS and Express.js headers\" width=\"532\" height=\"670\" class=\"aligncenter size-full wp-image-8545\" srcset=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-1-min.jpg 532w, https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-1-min-238x300.jpg 238w\" sizes=\"auto, (max-width: 532px) 100vw, 532px\" \/><\/a><\/p>\n<h2>Setting up Helmet.js<\/h2>\n<p>With the following command, run inside the project folder, I install <em><a href=\"https:\/\/helmetjs.github.io\/\" rel=\"noopener\" target=\"_blank\">Helmet.js<\/a><\/em><\/p>\n<pre class=\"lang:sh decode:true \" >$ npm install helmet --save<\/pre>\n<p>I also add the following to the <em><strong>server.js<\/strong><\/em> file (the highlighted lines are the ones that load Helmet and register it as middleware before any route is mounted):<\/p>\n<pre class=\"lang:js mark:3,8 decode:true \" title=\"server.js\" >var express = require('express');\r\nvar app = express();\r\nvar helmet = require('helmet');\r\n\r\nvar port = process.env.PORT || 8080;\r\n\r\nvar apiRoutes = express.Router();\r\napp.use(helmet());\r\n\r\napiRoutes.get('\/', function(req, res) {\r\n    res.json({ message: 'API radi!' });\r\n});\r\n\r\n\/\/ all routes will be prefixed with '\/api'\r\napp.use('\/api', apiRoutes);\r\n\r\napp.listen(port);\r\nconsole.log('API je pokrenut i koristi port:' + ' ' + port);<\/pre>\n<p>If I now open the <em>API<\/em> at http:\/\/localhost:8080\/api again, the <em><a href=\"https:\/\/developers.google.com\/web\/tools\/chrome-devtools\/network-performance\/reference\" rel=\"noopener\" target=\"_blank\">Network<\/a><\/em> tab of the <em><a href=\"https:\/\/developers.google.com\/web\/tools\/chrome-devtools\/\" rel=\"noopener\" target=\"_blank\">Google Chrome Developer Tools<\/a><\/em> shows the following:<\/p>\n<p><a href=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-2-min.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-2-min.jpg\" alt=\"HelmetJS and Express.js headers\" width=\"959\" height=\"988\" class=\"aligncenter size-full wp-image-8548\" srcset=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-2-min.jpg 959w, https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-2-min-291x300.jpg 291w, https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-2-min-768x791.jpg 768w\" sizes=\"auto, (max-width: 959px) 100vw, 959px\" \/><\/a><\/p>\n<p>The image above shows headers that were not present before (while X-Powered-By, which hidePoweredBy removes, is now gone), namely:<\/p>\n<pre class=\"lang:default decode:true \" >Strict-Transport-Security: max-age=15552000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block<\/pre>\n<p>I can also see the headers by running the following command:<\/p>\n<pre class=\"lang:sh decode:true \" >curl -i http:\/\/localhost:8080\/api<\/pre>\n<p><a href=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-5-min.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-5-min.jpg\" alt=\"Command line curl\" width=\"986\" height=\"348\" class=\"aligncenter size-full wp-image-8562\" srcset=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-5-min.jpg 986w, https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-5-min-300x106.jpg 300w, https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-5-min-768x271.jpg 768w\" sizes=\"auto, (max-width: 986px) 100vw, 986px\" \/><\/a><\/p>\n<h2>Conclusion<\/h2>\n<p><em>Helmet.js<\/em> is not an &#8220;<em>all in one<\/em>&#8221; solution, nor does adding it to a project mean that the application's security work is done, but it is certainly a good start to the process of thinking about security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security is one of those things everyone talks about while developing an application, but few take it seriously, or they postpone it for later. On the other hand, HTTP headers are something the users of an Express.js application never see, so it is easy for developers to neglect them and treat them as unimportant. Since headers reveal various &hellip; <a href=\"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">HelmetJS &#8211; protecting the HTTP headers of Express.js applications<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":8578,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[565,351],"tags":[375,549,378],"class_list":["post-8535","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-backend","category-razvoj","tag-express-js","tag-helmetjs","tag-node-js"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HelmetJS - za\u0161tita HTTP headera Express.js aplikacija - Tomislav Stankovi\u0107<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/\" \/>\n<meta property=\"og:locale\" content=\"hr_HR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HelmetJS - za\u0161tita HTTP headera Express.js aplikacija - Tomislav Stankovi\u0107\" 
\/>\n<meta property=\"og:description\" content=\"Sigurnost, jedna od stvari s kojoj svi prilikom razvoja aplikacije govore, ali ju malo njih smatra ozbiljnom ili odga\u0111a za kasnije. S druge strane, HTTP headeri su ne\u0161to \u0161to korisnici Express.js aplikacije ne vide i onda je developerima lako zapostaviti ih i gledati na njih kao na ne\u0161to nebitno. S obzirom da headeri daju razne &hellip; Nastavi \u010ditati HelmetJS &#8211; za\u0161tita HTTP headera Express.js aplikacija\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/\" \/>\n<meta property=\"og:site_name\" content=\"Tomislav Stankovi\u0107\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-28T19:57:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-01-05T17:45:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-min.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"825\" \/>\n\t<meta property=\"og:image:height\" content=\"510\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tomislav Stankovi\u0107\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Napisao\/la\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tomislav Stankovi\u0107\" \/>\n\t<meta name=\"twitter:label2\" content=\"Procijenjeno vrijeme \u010ditanja\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/\"},\"author\":{\"name\":\"Tomislav 
Stankovi\u0107\",\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/#\\\/schema\\\/person\\\/0329c549c57700034ea77f5d3d78396d\"},\"headline\":\"HelmetJS &#8211; za\u0161tita HTTP headera Express.js aplikacija\",\"datePublished\":\"2018-10-28T19:57:21+00:00\",\"dateModified\":\"2019-01-05T17:45:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/\"},\"wordCount\":643,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/#\\\/schema\\\/person\\\/0329c549c57700034ea77f5d3d78396d\"},\"image\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/expressjs-helmetjs-sigurnost-min.jpg\",\"keywords\":[\"Express.js\",\"HelmetJS\",\"Node.js\"],\"articleSection\":[\"Backend\",\"Razvoj\"],\"inLanguage\":\"hr\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/\",\"url\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/\",\"name\":\"HelmetJS - za\u0161tita HTTP headera Express.js aplikacija - Tomislav 
Stankovi\u0107\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/expressjs-helmetjs-sigurnost-min.jpg\",\"datePublished\":\"2018-10-28T19:57:21+00:00\",\"dateModified\":\"2019-01-05T17:45:49+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#breadcrumb\"},\"inLanguage\":\"hr\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"hr\",\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/expressjs-helmetjs-sigurnost-min.jpg\",\"contentUrl\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/expressjs-helmetjs-sigurnost-min.jpg\",\"width\":825,\"height\":510,\"caption\":\"HelmetJS - za\u0161tita HTTP headera Express.js aplikacija\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/helmetjs-expressjs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Po\u010detna stranica\",\"item\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HelmetJS &#8211; za\u0161tita HTTP headera Express.js aplikacija\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/\",\"name\":\"Tomislav 
Stankovi\u0107\",\"description\":\"Sam svoj bloger\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/#\\\/schema\\\/person\\\/0329c549c57700034ea77f5d3d78396d\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"hr\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/#\\\/schema\\\/person\\\/0329c549c57700034ea77f5d3d78396d\",\"name\":\"Tomislav Stankovi\u0107\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"hr\",\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/cropped-TomislavStankovic.jpg\",\"url\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/cropped-TomislavStankovic.jpg\",\"contentUrl\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/cropped-TomislavStankovic.jpg\",\"width\":248,\"height\":165,\"caption\":\"Tomislav Stankovi\u0107\"},\"logo\":{\"@id\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/cropped-TomislavStankovic.jpg\"},\"description\":\"Bloger \u0161irokog raspona interesa od kojih dio voli objaviti na ovom blogu. U neslobodno vrijeme Angular developer mobilnih i web aplikacija.\",\"sameAs\":[\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/tomislavstankovic\\\/\"],\"url\":\"https:\\\/\\\/www.tomislavstankovic.com\\\/blog\\\/author\\\/tomislavstankovic\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"HelmetJS - za\u0161tita HTTP headera Express.js aplikacija - Tomislav Stankovi\u0107","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/","og_locale":"hr_HR","og_type":"article","og_title":"HelmetJS - za\u0161tita HTTP headera Express.js aplikacija - Tomislav Stankovi\u0107","og_description":"Sigurnost, jedna od stvari s kojoj svi prilikom razvoja aplikacije govore, ali ju malo njih smatra ozbiljnom ili odga\u0111a za kasnije. S druge strane, HTTP headeri su ne\u0161to \u0161to korisnici Express.js aplikacije ne vide i onda je developerima lako zapostaviti ih i gledati na njih kao na ne\u0161to nebitno. S obzirom da headeri daju razne &hellip; Nastavi \u010ditati HelmetJS &#8211; za\u0161tita HTTP headera Express.js aplikacija","og_url":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/","og_site_name":"Tomislav Stankovi\u0107","article_published_time":"2018-10-28T19:57:21+00:00","article_modified_time":"2019-01-05T17:45:49+00:00","og_image":[{"width":825,"height":510,"url":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-min.jpg","type":"image\/jpeg"}],"author":"Tomislav Stankovi\u0107","twitter_card":"summary_large_image","twitter_misc":{"Napisao\/la":"Tomislav Stankovi\u0107","Procijenjeno vrijeme \u010ditanja":"4 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#article","isPartOf":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/"},"author":{"name":"Tomislav Stankovi\u0107","@id":"https:\/\/www.tomislavstankovic.com\/blog\/#\/schema\/person\/0329c549c57700034ea77f5d3d78396d"},"headline":"HelmetJS &#8211; za\u0161tita HTTP headera Express.js 
aplikacija","datePublished":"2018-10-28T19:57:21+00:00","dateModified":"2019-01-05T17:45:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/"},"wordCount":643,"commentCount":0,"publisher":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/#\/schema\/person\/0329c549c57700034ea77f5d3d78396d"},"image":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-min.jpg","keywords":["Express.js","HelmetJS","Node.js"],"articleSection":["Backend","Razvoj"],"inLanguage":"hr","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/","url":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/","name":"HelmetJS - za\u0161tita HTTP headera Express.js aplikacija - Tomislav 
Stankovi\u0107","isPartOf":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#primaryimage"},"image":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-min.jpg","datePublished":"2018-10-28T19:57:21+00:00","dateModified":"2019-01-05T17:45:49+00:00","breadcrumb":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#breadcrumb"},"inLanguage":"hr","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/"]}]},{"@type":"ImageObject","inLanguage":"hr","@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#primaryimage","url":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-min.jpg","contentUrl":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2018\/10\/expressjs-helmetjs-sigurnost-min.jpg","width":825,"height":510,"caption":"HelmetJS - za\u0161tita HTTP headera Express.js aplikacija"},{"@type":"BreadcrumbList","@id":"https:\/\/www.tomislavstankovic.com\/blog\/helmetjs-expressjs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Po\u010detna stranica","item":"https:\/\/www.tomislavstankovic.com\/blog\/"},{"@type":"ListItem","position":2,"name":"HelmetJS &#8211; za\u0161tita HTTP headera Express.js aplikacija"}]},{"@type":"WebSite","@id":"https:\/\/www.tomislavstankovic.com\/blog\/#website","url":"https:\/\/www.tomislavstankovic.com\/blog\/","name":"Tomislav Stankovi\u0107","description":"Sam svoj 
bloger","publisher":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/#\/schema\/person\/0329c549c57700034ea77f5d3d78396d"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tomislavstankovic.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"hr"},{"@type":["Person","Organization"],"@id":"https:\/\/www.tomislavstankovic.com\/blog\/#\/schema\/person\/0329c549c57700034ea77f5d3d78396d","name":"Tomislav Stankovi\u0107","image":{"@type":"ImageObject","inLanguage":"hr","@id":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2019\/10\/cropped-TomislavStankovic.jpg","url":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2019\/10\/cropped-TomislavStankovic.jpg","contentUrl":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2019\/10\/cropped-TomislavStankovic.jpg","width":248,"height":165,"caption":"Tomislav Stankovi\u0107"},"logo":{"@id":"https:\/\/www.tomislavstankovic.com\/blog\/wp-content\/uploads\/2019\/10\/cropped-TomislavStankovic.jpg"},"description":"Bloger \u0161irokog raspona interesa od kojih dio voli objaviti na ovom blogu. 
U neslobodno vrijeme Angular developer mobilnih i web aplikacija.","sameAs":["https:\/\/www.tomislavstankovic.com\/blog\/","https:\/\/www.linkedin.com\/in\/tomislavstankovic\/"],"url":"https:\/\/www.tomislavstankovic.com\/blog\/author\/tomislavstankovic\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/posts\/8535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/comments?post=8535"}],"version-history":[{"count":36,"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/posts\/8535\/revisions"}],"predecessor-version":[{"id":8577,"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/posts\/8535\/revisions\/8577"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/media\/8578"}],"wp:attachment":[{"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/media?parent=8535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/categories?post=8535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tomislavstankovic.com\/blog\/wp-json\/wp\/v2\/tags?post=8535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}