1.2.6 • Published 10 months ago

koa-csp v1.2.6

Weekly downloads: 294
License: MIT
Repository: github
Last release: 10 months ago


A Koa 2 middleware that sets the Content-Security-Policy response header.

What is CSP

Usage

import Koa from 'koa';
import csp from 'koa-csp';


const app = new Koa();
app.use(csp());

// The call above is equivalent to
app.use(csp({
  enableWarn: true,
  policy: { 'default-src': ['self'] },
}));

// You can add more policy directives
app.use(csp({
  enableWarn: true,
  policy: {
    'img-src': ['self', 'img.example.com'],
    'script-src': ['script.example.com', '*.script.example.com'],
  },
}));

// Some keywords are automatically wrapped in single quotes
app.use(csp({
  policy: {
    'default-src': ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
    // you can also add the single quotes manually
    'img-src': ["'self'"],
  },
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'

// camelCase directive names are also supported
app.use(csp({
  policy: {
    defaultSrc: ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
    // you can also add the single quotes manually
    imgSrc: ["'self'"],
  },
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'
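
To make the quoting and camelCase behaviour above concrete, here is an added sketch (not koa-csp's own code) that derives the same header value from a policy object and flags the source lists a reviewer would question. The function names and the keyword set, limited to the four keywords shown above, are assumptions.

```javascript
// Added illustration; not koa-csp's source. All names below are hypothetical.
// Keywords quoted automatically: only the four shown on this page.
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval']);

// defaultSrc -> default-src; names already in kebab-case pass through unchanged.
function toDirectiveName(key) {
  return key.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
}

// Wrap bare keywords in single quotes; leave hosts and pre-quoted values alone.
function quoteSource(src) {
  return KEYWORDS.has(src) ? `'${src}'` : src;
}

// Build the header value from a policy object in either naming style.
function buildCspHeader(policy) {
  return Object.entries(policy)
    .map(([key, sources]) => [toDirectiveName(key), ...sources.map(quoteSource)].join(' '))
    .join('; ');
}

// Review helper: flag source lists that weaken or contradict the policy.
function auditPolicy(policy) {
  const findings = [];
  for (const [key, sources] of Object.entries(policy)) {
    const name = toDirectiveName(key);
    const quoted = sources.map(quoteSource);
    if (quoted.includes("'none'") && quoted.length > 1) {
      findings.push(`${name}: 'none' is ignored when other sources are listed`);
    }
    for (const risky of ["'unsafe-inline'", "'unsafe-eval'"]) {
      if (quoted.includes(risky)) findings.push(`${name}: ${risky} weakens XSS protection`);
    }
  }
  return findings;
}

// Constructed sample: the policy from the quoting example on this page.
const samplePolicy = {
  defaultSrc: ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
  imgSrc: ["'self'"],
};
console.log(buildCspHeader(samplePolicy));
console.log(auditPolicy(samplePolicy));
```

Running a check like `auditPolicy` in a unit test keeps a quoting demo such as the one above from being copied into a production policy unnoticed.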

Contributing & Development

If anything is unclear, you are very welcome to raise it as an issue so it can be discussed. Please read the Contributor Covenant Code of Conduct and CONTRIBUTING.

1.2.6 (10 months ago)
1.2.4 (10 months ago)
1.2.3 (1 year ago)
1.2.2 (1 year ago)
1.2.1 (2 years ago)
1.2.0 (3 years ago)
1.1.1 (4 years ago)
1.1.0 (6 years ago)
1.0.14 (7 years ago)
1.0.13 (7 years ago)
1.0.12 (7 years ago)
1.0.11 (8 years ago)
1.0.10 (8 years ago)
1.0.9 (8 years ago)
1.0.8 (8 years ago)
1.0.7 (8 years ago)
1.0.6 (8 years ago)
1.0.5 (8 years ago)
1.0.4 (8 years ago)
1.0.3 (8 years ago)
1.0.2 (8 years ago)
1.0.1 (8 years ago)