Chapter 9. Details

When the now-near-ubiquitous air freshener Febreze was first released, it was a dud. The original ads showed people using the product to remove specific bad smells, such as cigarette smoke, resulting in poor sales. Faced with this disappointing outcome, the marketing team shifted focus to using Febreze as a finishing detail. Now, the ads depicted someone cleaning a room, fluffing the pillows, and completing the tasks of refreshing a room with a spritz of Febreze. This reframing of the product caused sales to skyrocket.

This is a great example of the fact that details matter. Right now we have a working API, but it’s lacking the finishing touches that will allow us to put it into production. In this chapter we’ll implement some web and GraphQL application security and user experience best practices. These details, far exceeding a spritz of air freshener, will be critical to the safety, security, and usability of our application.

Web Application and Express.js Best Practices

Express.js is the underlying web application framework that powers our API. We can make a few small tweaks to our Express.js code to provide a solid basis for our application.

Express Helmet

The Express Helmet middleware is a collection of small security-minded middleware functions. These will adjust our application’s HTTP headers to be more secure. While many of these are specific to browser-based applications, enabling Helmet is a simple step to protect our application from common web ...
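A dependency-free sketch of the idea described above, added here as an illustration and not taken from the book or from Helmet's source: several small middleware functions, each adjusting one HTTP header, composed into a single middleware. The function names, the header values and the mock response object are assumptions made for the example.

```javascript
// Added illustration; names below are hypothetical, not Helmet's API.
// Each function is one small middleware with Express's (req, res, next) shape.
const noSniff = (req, res, next) => {
  res.setHeader('X-Content-Type-Options', 'nosniff'); // no MIME sniffing
  next();
};
const frameGuard = (req, res, next) => {
  res.setHeader('X-Frame-Options', 'SAMEORIGIN'); // limit framing (clickjacking)
  next();
};
const hsts = (req, res, next) => {
  // Ask browsers to use HTTPS only; max-age is an example value.
  res.setHeader('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
  next();
};
const hidePoweredBy = (req, res, next) => {
  res.removeHeader('X-Powered-By'); // do not advertise the framework
  next();
};

// Run the given middleware in order; stop and forward on the first error.
function compose(...fns) {
  return (req, res, next) => {
    let i = 0;
    const step = (err) => {
      if (err || i === fns.length) return next(err);
      fns[i++](req, res, step);
    };
    step();
  };
}

const securityHeaders = compose(noSniff, frameGuard, hsts, hidePoweredBy);

// Constructed stand-in for a response object (header names stored lowercase).
function mockResponse(initial = {}) {
  const headers = {};
  for (const [k, v] of Object.entries(initial)) headers[k.toLowerCase()] = v;
  return {
    headers,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    removeHeader(name) { delete headers[name.toLowerCase()]; },
  };
}

// Apply a middleware to a mock response and report the resulting headers.
function headersAfter(middleware, initial) {
  const res = mockResponse(initial);
  let nextCalled = false;
  middleware({}, res, () => { nextCalled = true; });
  return { headers: res.headers, nextCalled };
}
```

In an Express application the real package is enabled with `app.use(helmet())`, which registers its own set of header middleware in one call.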
