I am trying to provision for X-Content-Type-Options and X-Frame-Options in js, i.e.
```js
const upload = multer();
app.use(bodyParser.json());
app.use(upload.any());
app.use(cors({ origin: "*" }));
app.use(helmet());
app.use((req, res, next) => {
  res.setHeader('X-Content-Type-Options', 'nosniff');
  next();
});
app.use(
  helmet({
    xFrameOptions: { action: "sameorigin" },
  }),
);
app.use((req, res, next) => {
  req.clientIp = req.headers["x-forwarded-for"] || req.socket.remoteAddress;
  next();
});
```
They don't get executed until my app.post("/subscribe ... request is triggered (confirmed by temporarily putting console.log inside the app.use). I also do not see the headers being added using the Network > Headers tab in the Chrome Dev tools.
I've read the MDN content and gone down the ChatGPT rabbit hole. Any help would be appreciated.
I tried putting console.log inside the app.use. They don't get executed until the app.post and even then I do not see the headers in the Network > Header tab in the Chrome Dev tools. I've tried adding a get request as suggested by ChatGPT, but that did not work either.
I also looked for Stack Overflow and Reddit posts but did not find anything useful.
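An added example, not part of the original post: one way to check whether a given response actually carries the two headers discussed above, assuming the response headers are captured as raw text (for example from `curl -sI` against the same URL the browser requests). The function names and both sample responses are constructed for illustration.

```javascript
// Audit a raw response header block for X-Content-Type-Options and
// X-Frame-Options. All names and sample inputs here are hypothetical.

function parseHeaderBlock(raw) {
  const headers = new Map(); // lower-cased header name -> list of values
  for (const line of raw.split(/\r?\n/).slice(1)) { // skip the status line
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // blank or malformed line
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(value);
  }
  return headers;
}

function auditHeaders(raw) {
  const h = parseHeaderBlock(raw);
  const findings = [];
  const check = (name, allowed) => {
    const values = h.get(name) || [];
    if (values.length === 0) findings.push(`${name}: missing`);
    else if (values.length > 1) findings.push(`${name}: sent ${values.length} times`);
    else if (!allowed.includes(values[0].toLowerCase()))
      findings.push(`${name}: unexpected value "${values[0]}"`);
  };
  check("x-content-type-options", ["nosniff"]);
  check("x-frame-options", ["deny", "sameorigin"]);
  return findings;
}

// Constructed sample: a response that carries both headers correctly.
const SAMPLE_OK = [
  "HTTP/1.1 200 OK",
  "X-Content-Type-Options: nosniff",
  "X-Frame-Options: SAMEORIGIN",
  "Content-Type: application/json",
].join("\r\n");

// Constructed sample: a response that did not pass through the middleware.
const SAMPLE_MISSING = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html",
  "X-Frame-Options: ALLOW-FROM https://example.test",
].join("\r\n");

console.log(auditHeaders(SAMPLE_OK));
console.log(auditHeaders(SAMPLE_MISSING));
```

An empty result means both headers are present once with an accepted value; any finding names the header and what is wrong with it.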