08 - Disable DNS Prefetching with helmet.dnsPrefetchControl() - Information Security - freeCodeCamp
Ganesh H
IMPORTANT: You must use Helmet version 2.3.0 for this test to pass!

Browsers often 'prefetch' DNS records to cache IP addresses of pages you are likely to visit. We look at some potential issues with this and how we can use helmet's dnsPrefetchControl() middleware to set a header to disable this.
Link to Challenge: https://www.freecodecamp.org/learn/information-security/information-security-with-helmetjs/disable-dns-prefetching-with-helmet-dnsprefetchcontrol
Written Guide: https://www.notion.so/ganeshh123/Disable-DNS-Prefetching-with-helmet-dnsPrefetchControl-e5a969e6ed324ba09c8e00f33148d4fc
Full Playlist for this course: https://www.youtube.com/playlist?list=PLhGp6N0DI_1TeEsQOdf1JmV8PnkQfEpQ4
All Written Guides for this course: https://www.notion.so/ganeshh123/8ba82d9d1ff84c4583d6e9418ebe426b
All My Tutorials can be found at: https://www.notion.so/Tutorials-Ganesh-H-293ea420d34a464f9a1907e0405b5f26
00:00 - Introduction
00:09 - What is DNS Prefetching?
DNS prefetching is an attempt to resolve domain names before a user tries to follow a link. Once a domain name has been resolved, if the user does navigate to that domain, there will be no effective delay due to DNS resolution time.
https://www.chromium.org/developers/design-documents/dns-prefetching
00:50 - Advantage of DNS Prefetching
00:58 - Potential Issues with DNS Prefetching
03:07 - Performance vs Security Tradeoff
03:23 - X-DNS-Prefetch-Control Header
The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
03:38 - Use Helmet version 2.3.0
04:44 - Setting the Header - helmet.dnsPrefetchControl()
helmet.dnsPrefetchControl sets the X-DNS-Prefetch-Control header to help control DNS prefetching, which can improve user privacy at the expense of performance.
https://github.com/helmetjs/helmet/tree/master/middlewares/x-dns-prefetch-control
05:08 - Testing
HelmetJS is a type of middleware for Express-based applications that automatically sets HTTP headers to prevent sensitive information from unintentionally being passed between the server and client. While HelmetJS does not account for all situations, it does include support for common ones like Content Security Policy, XSS Filtering, and HTTP Strict Transport Security, among others. HelmetJS can be installed on an Express project from npm, after which each layer of protection can be configured to best fit the project.
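The header behaviour described above, as an added example that is not from the video or from Helmet's source: a dependency-free stand-in with the same (req, res, next) shape as helmet.dnsPrefetchControl(), run through a small middleware chain and then audited. The helper names mockResponse, runChain and auditDnsPrefetch are hypothetical, and the mock response is constructed for the example.

```javascript
// Added example, not Helmet's source. With Helmet installed the equivalent is
//   app.use(helmet.dnsPrefetchControl());
function dnsPrefetchControl(options = {}) {
  const value = options.allow ? 'on' : 'off'; // off unless explicitly allowed
  return function dnsPrefetchControlMiddleware(req, res, next) {
    res.setHeader('X-DNS-Prefetch-Control', value);
    next();
  };
}

// Constructed mock of the small part of http.ServerResponse used here.
function mockResponse() {
  const headers = {};
  return {
    headers,
    setHeader(name, value) { headers[name.toLowerCase()] = String(value); },
  };
}

// Run middlewares in order, as Express does, and return the final headers.
function runChain(middlewares) {
  const res = mockResponse();
  let i = 0;
  const next = () => {
    if (i < middlewares.length) middlewares[i++]({}, res, next);
  };
  next();
  return res.headers;
}

// Audit a response header map (header names are case-insensitive in HTTP).
function auditDnsPrefetch(headers) {
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === 'x-dns-prefetch-control');
  if (!entry) return 'missing'; // browser falls back to its default behaviour
  const value = String(entry[1]).trim().toLowerCase();
  if (value === 'off') return 'disabled';
  if (value === 'on') return 'enabled';
  return 'invalid';
}

console.log(auditDnsPrefetch(runChain([dnsPrefetchControl()])));
console.log(auditDnsPrefetch(runChain([dnsPrefetchControl({ allow: true })])));
console.log(auditDnsPrefetch(runChain([])));
```

Because the last middleware to set the header wins, a later `{ allow: true }` registration silently re-enables prefetching, which is why the audit checks the final header value rather than the presence of the middleware.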