content-security-policy

Middleware to add Content-Security-Policy header according to http://www.w3.org/TR/CSP/

Install

    $ npm install content-security-policy --save

Tests

    $ npm install --dev
    $ npm test

Usage

const csp = require('content-security-policy');
const express = require('express');
const app = express();
 
const cspPolicy = {
  'report-uri': '/reporting',
  'default-src': csp.SRC_NONE,
  'script-src': [ csp.SRC_SELF, csp.SRC_DATA ]
};
 
const globalCSP = csp.getCSP(csp.STARTER_OPTIONS);
const localCSP = csp.getCSP(cspPolicy);
 
// This will apply this policy to all requests if no local policy is set
app.use(globalCSP);
 
app.get('/', (req, res) => {
  res.send('Using global content security policy!');
});
 
// This will apply the local policy just to this path, overriding the globla policy
app.get('/local', localCSP, (req, res) => {
  res.send('Using path local content security policy!');
});
 
app.listen(3000, () => {
  console.log('Example app listening on port 3000!');
});

content-security-policy

content-security-policy

Install

Tests

Usage

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

content-security-policy

content-security-policy

Install

Tests

Usage

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads