1.1.13 • Published 6 years ago
hc-mid-csp v1.1.13
hc-mid-csp
hc-bee middleware to add csp headers
install
npm i -S hc-mid-csp
usage
config
For the options, see helmet-csp. This module differs as follows:
- adds a `cspString` option to set the CSP content directly; if it is empty, the module falls back to `directives`
- adds an `accepts` option to apply the headers only according to `req.accepts`; the default is `text/html`
- `directives` also allows values of type `string`, to prevent hc-bee from merging the config
- `${prefix}` and `${nonce}` can be put into a string as placeholders
- `directives.reportUri` default value: `${prefix}/__csp__`
- `res.locals.cspNonce` contains the `nonce` value
- adds `x-csp-nonce` headers
example
middlewareConfig = {
csp: {
enable: true,
module: './csp',
config: {
reportOnly: true,
cspString: ``,
directives: {
"defaultSrc": "'none'",
"baseUri": "'none'",
"blockAllMixedContent": true,
"connectSrc": "'self' g.alicdn.com",
"fontSrc": "'self' data: at.alicdn.com g.alicdn.com",
"formAction": "'self'",
"frameAncestors": "'none'",
"frameSrc": "'self' g.alicdn.com",
"imgSrc": "'self' data: img.alicdn.com",
"objectSrc": "'none'",
"manifestSrc": "'self'",
"mediaSrc": "'none'",
"scriptSrc": "'report-sample' 'nonce-${nonce}' 'unsafe-inline' 'self' s.tianchi.aliyun.com"
}
}
}
}