1.1.16 • Published 2 years ago
inline-csp-hash v1.1.16
inline-csp-hash
Plugin to generate hash for inline scripts and styles for CSP.
This plugin is insipred by hash-csp, and operates mostly the same way.
Installation
npm install inline-csp-hash --save
Usage
const gulp = require('gulp');
const hashstream = require('inline-csp-hash');
gulp.task('inline-hash', () => {
return gulp.src('src/*.html')
.pipe(hashstream({
what: 'script',
replace_cb: (s, hashes) => s.replace(/script-src 'self'[^;]*/, "script-src 'self' " + hashes.join(" "))
}))
.pipe(hashstream({
what: 'style',
replace_cb: (s, hashes) => s.replace(/style-src 'self'[^;]*/, "style-src 'self' " + hashes.join(" "))
}))
.pipe(gulp.dest('dist/'))
;
});
Options
- what:
script
(default) orstyle
: which tags to process (scripts and styles are processed separately because they are controlled by different CSP directives:script-src
andstyle-src
) - hash:
sha256
(default),sha384
, orsha512
: hash algorithm to use. SHA family is the only one according to the specification - replace_cb: callback to inject gathered hashes into the source file
Tests
Have mocha installed and run npm test
1.1.16
2 years ago
1.1.15
3 years ago
1.1.14
4 years ago
1.1.12
4 years ago
1.1.11
4 years ago
1.1.10
4 years ago
1.1.9
4 years ago
1.1.8
4 years ago
1.1.7
4 years ago
1.1.6
4 years ago
1.1.5
5 years ago
1.1.4
5 years ago
1.1.3
5 years ago
1.1.2
5 years ago
1.1.1
5 years ago
1.1.0
5 years ago
1.0.1
5 years ago
1.0.0
5 years ago
0.0.1
5 years ago