1.1.13 • Published 5 years ago
hc-mid-csp v1.1.13
hc-mid-csp
hc-bee middleware to add csp headers
install
npm i -S hc-mid-csp
usage
config
options: see helmet-csp, with the following differences:
- add cspString option to allow setting the CSP content directly; if empty, fall back to directives
- add accepts option to only apply headers according to req.accepts; default is text/html
- directives also allows string type values, to prevent merging by the hc-bee config
- ${prefix} and ${nonce} can be put into a string as placeholders
- directives.reportUri default value: ${prefix}/__csp__
- res.locals.cspNonce contains the nonce value
- add x-csp-nonce header
example
middlewareConfig = {
  csp: {
    enable: true,
    module: './csp',
    config: {
      // report-only mode: violations are reported but not blocked
      reportOnly: true,
      // empty, so the policy is built from directives below
      cspString: ``,
      directives: {
        "defaultSrc": "'none'",
        "baseUri": "'none'",
        "blockAllMixedContent": true,
        "connectSrc": "'self' g.alicdn.com",
        "fontSrc": "'self' data: at.alicdn.com g.alicdn.com",
        "formAction": "'self'",
        "frameAncestors": "'none'",
        "frameSrc": "'self' g.alicdn.com",
        "imgSrc": "'self' data: img.alicdn.com",
        "objectSrc": "'none'",
        "manifestSrc": "'self'",
        "mediaSrc": "'none'",
        // ${nonce} is replaced per request; browsers that honour nonces
        // ignore 'unsafe-inline' when a nonce is present in the directive
        "scriptSrc": "'report-sample' 'nonce-${nonce}' 'unsafe-inline' 'self' s.tianchi.aliyun.com"
      }
    }
  }
}
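
How a middleware with the options listed above can behave, as an added sketch that is not hc-mid-csp's own source: cspString takes precedence over directives, ${prefix} and ${nonce} are substituted per request, and headers are set only when req.accepts matches. The names buildPolicy, cspMiddleware and simulate, the prefix argument, and applying the reportUri default only on the directives path are assumptions.

```javascript
const crypto = require('crypto');

// helmet-style camelCase key -> CSP directive name (scriptSrc -> script-src)
const toHeaderName = (k) => k.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());

// cspString wins when non-empty; otherwise the policy is built from directives.
function buildPolicy(config, vars) {
  const fill = (s) => s.replace(/\$\{(prefix|nonce)\}/g, (_, name) => vars[name]);
  if (config.cspString) return fill(config.cspString);
  // Assumption: the reportUri default applies only on the directives path.
  const directives = { reportUri: '${prefix}/__csp__', ...config.directives };
  return Object.entries(directives)
    .filter(([, v]) => v !== false)
    .map(([k, v]) => {
      // true means a valueless directive; strings and arrays are both accepted
      const value = v === true ? '' : fill([].concat(v).join(' '));
      return value ? `${toHeaderName(k)} ${value}` : toHeaderName(k);
    })
    .join('; ');
}

// Hypothetical factory; how hc-bee passes the prefix is an assumption.
function cspMiddleware(config, prefix = '') {
  const header = config.reportOnly
    ? 'Content-Security-Policy-Report-Only'
    : 'Content-Security-Policy';
  return (req, res, next) => {
    // Skip responses the client will not treat as HTML (accepts option).
    if (!req.accepts(config.accepts || 'text/html')) return next();
    // Fresh 128-bit nonce per response; a reused nonce defeats the policy.
    const nonce = crypto.randomBytes(16).toString('base64');
    res.locals.cspNonce = nonce; // templates emit <script nonce="...">
    res.setHeader('x-csp-nonce', nonce);
    res.setHeader(header, buildPolicy(config, { prefix, nonce }));
    next();
  };
}

// Constructed req/res stand-ins so the sketch runs without Express.
function simulate(config, acceptsHtml, prefix) {
  const headers = {};
  const req = { accepts: () => (acceptsHtml ? 'text/html' : false) };
  const res = { locals: {}, setHeader: (k, v) => { headers[k] = v; } };
  cspMiddleware(config, prefix)(req, res, () => {});
  return { headers, locals: res.locals };
}
```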