1.2.2 • Published 4 months ago
koa-csp v1.2.2
This is a koa2 middleware used to set response header Content-Security-Policy
.
Usage
import Koa from 'koa';
import csp from 'koa-csp';
const app = new Koa();
app.use(csp());
// It is equivalent to
app.use(csp({
enableWarn: true,
policy: { 'default-src': ['self'] },
}));
// Add you can add more policy
app.use(csp({
enableWarn: true,
policy: {
'img-src': ['self', 'img.example.com'],
'script-src': ['script.example.com', '*.script.example.com'],
},
}));
// some key words will be auto add single quotes
app.use(csp({
policy: {
'default-src': ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
// you can alse add single quotes manually
'img-src': ["'self'"],
},
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'
// CamelCase Support
app.use(csp({
policy: {
defaultSrc: ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
// you can alse add single quotes manually
imgSrc: ["'self'"],
},
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'
Contributing & Development
If there is any doubt, it is very welcome to discuss the issue together. Please read Contributor Covenant Code of Conduct and CONTRIBUTING.
1.2.2
4 months ago
1.2.1
1 year ago
1.2.0
1 year ago
1.1.1
3 years ago
1.1.0
5 years ago
1.0.14
5 years ago
1.0.13
5 years ago
1.0.12
6 years ago
1.0.11
7 years ago
1.0.10
7 years ago
1.0.9
7 years ago
1.0.8
7 years ago
1.0.7
7 years ago
1.0.6
7 years ago
1.0.5
7 years ago
1.0.4
7 years ago
1.0.3
7 years ago
1.0.2
7 years ago
1.0.1
7 years ago