Security Headers at Legal Robot
We're big fans of open source software at Legal Robot. We also know that getting security right is a tough job, so we want to share some of the useful tools we use to build and run Legal Robot and keep it secure.
We are also proud to run Legal Robot on the Meteor framework for Node.js. Helmet.js has recently become the official recommendation for security headers in Meteor, replacing the previous Meteor browser-policy package.
One of the most helpful tools in our Meteor security toolbox at Legal Robot is Content Security Policy (CSP) — basically, our server tells the browser what code it is allowed to run and how to handle something like code injection from a malicious browser extension.
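As an added example (not code from the Legal Robot post or from the Helmet.js project), the block below shows what a CSP header actually contains and how a connect-style middleware of the kind Meteor's `WebApp.connectHandlers.use()` accepts would set it. Helmet.js does the same job through `helmet.contentSecurityPolicy()`; the hand-rolled version here exists only so the header can be inspected without any dependencies. The directive values, the `/csp-report` endpoint and the `weakScriptSources` check are assumptions for illustration, not settings from the post.

```javascript
// Added example, not from the original post or the Helmet.js project.
// Builds a Content-Security-Policy header and applies it as a connect-style
// middleware, then runs it against a stub response so it works stand-alone.

// Directives assumed for illustration; a real policy is tuned to the app.
const policy = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],          // no inline scripts, no eval
  'object-src': ["'none'"],          // block plugin embeds
  'base-uri': ["'self'"],            // stop <base> tag hijacking of relative URLs
  'frame-ancestors': ["'none'"],     // clickjacking protection
  'report-uri': ['/csp-report'],     // assumed endpoint for violation reports
};

// Serialise a directive map into the header's "name value value; ..." syntax.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, values]) => `${name} ${values.join(' ')}`)
    .join('; ');
}

// Connect-style (req, res, next) middleware. Report-only mode lets you roll a
// policy out and collect violations before the browser starts blocking.
function cspMiddleware(directives, { reportOnly = false } = {}) {
  const value = buildCsp(directives);
  const header = reportOnly
    ? 'Content-Security-Policy-Report-Only'
    : 'Content-Security-Policy';
  return function (req, res, next) {
    res.setHeader(header, value);
    next();
  };
}

// Sanity check a reviewer would want: does script-src (or the default-src
// fallback) still permit inline scripts or eval? Those keywords undo most of
// CSP's defence against injected code.
function weakScriptSources(directives) {
  const src = directives['script-src'] || directives['default-src'] || [];
  return src.filter((s) => s === "'unsafe-inline'" || s === "'unsafe-eval'");
}

// In a Meteor server file the wiring would be (assumed pattern, not run here):
//   import { WebApp } from 'meteor/webapp';
//   WebApp.connectHandlers.use(cspMiddleware(policy));
// Stand-alone, we drive the middleware with a stub response object instead.
function applyToStub(middleware) {
  const headers = {};
  const res = { setHeader: (name, value) => { headers[name] = value; } };
  let nextCalled = false;
  middleware({}, res, () => { nextCalled = true; });
  return { headers, nextCalled };
}

function demo() {
  return applyToStub(cspMiddleware(policy, { reportOnly: true }));
}

console.log(demo().headers);
console.log('weak script sources:', weakScriptSources(policy));
```

Starting in report-only mode is the usual way to find out which inline scripts or third-party hosts your pages actually depend on before the policy is enforced.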
CSP can be quite tricky, but there are some excellent tools out there to help, like [Google'