0.3.4 • Published 4 years ago

content-security-policy v0.3.4

Weekly downloads
4,339
License
-
Repository
github
Last release
4 years ago

Build Status Coverage Status

content-security-policy

Middleware to add Content-Security-Policy header according to http://www.w3.org/TR/CSP/

Install

    $ npm install content-security-policy --save

Tests

    $ npm install --dev
    $ npm test

Usage

const csp = require('content-security-policy');
const express = require('express');
const app = express();

const cspPolicy = {
  'report-uri': '/reporting',
  'default-src': csp.SRC_NONE,
  'script-src': [ csp.SRC_SELF, csp.SRC_DATA ]
};

const globalCSP = csp.getCSP(csp.STARTER_OPTIONS);
const localCSP = csp.getCSP(cspPolicy);

// This will apply this policy to all requests if no local policy is set
app.use(globalCSP);

app.get('/', (req, res) => {
  res.send('Using global content security policy!');
});

// This will apply the local policy just to this path, overriding the globla policy
app.get('/local', localCSP, (req, res) => {
  res.send('Using path local content security policy!');
});

app.listen(3000, () => {
  console.log('Example app listening on port 3000!');
});
expressconnectcontent-security-policysecuritycsp
croket_mainsec-angular-expresstaskcluster-lib-app
0.3.4

4 years ago

0.3.3

6 years ago

0.3.2

6 years ago

0.3.1

6 years ago

0.3.0

7 years ago

0.2.2

7 years ago

0.2.0

10 years ago

0.1.1

10 years ago

0.1.0

10 years ago