Suggest using a secure header middleware

72636c · miukki · 72636c · commit c29c718f370f · 2021-09-29T12:58:53.000+10:00
Co-authored-by: Anja Ishmukhametova &lt;miukki@users.noreply.github.com&gt;
diff --git a/.changeset/rotten-bulldogs-itch.md b/.changeset/rotten-bulldogs-itch.md
@@ -0,0 +1,5 @@
+---
+"skuba": patch
+---
+
+template/\*-rest-api: Suggest using a secure header middleware
diff --git a/template/express-rest-api/src/app.ts b/template/express-rest-api/src/app.ts
@@ -6,6 +6,8 @@ import { healthCheckHandler } from './api/healthCheck';
 import { smokeTestHandler } from './api/smokeTest';
 
 const app = express()
+  // TODO: consider using a middleware that adds secure HTTP headers.
+  // https://github.com/helmetjs/helmet
   .get('/health', healthCheckHandler)
   .get('/smoke', smokeTestHandler);
 
diff --git a/template/koa-rest-api/src/framework/server.ts b/template/koa-rest-api/src/framework/server.ts
@@ -4,6 +4,7 @@ import {
   ErrorMiddleware,
   MetricsMiddleware,
   RequestLogging,
+  // SecureHeaders,
   VersionMiddleware,
 } from 'seek-koala';
 
@@ -38,6 +39,10 @@ export const createApp = <State, Context>(
   ...middleware: Koa.Middleware<State, Context>[]
 ) =>
   new Koa()
+    // TODO: consider using a middleware that adds secure HTTP headers.
+    // https://github.com/seek-oss/koala/tree/master/src/secureHeaders
+    // https://github.com/venables/koa-helmet
+    // .use(SecureHeaders.middleware)
     .use(requestLogging)
     .use(metrics)
     .use(ErrorMiddleware.handle)
