ep_helmet

0.0.24 • Public • Published


Etherpad plugin to bring in Helmet. Helmet provides security for Express by setting security-related HTTP response headers. See the Helmet docs for its capabilities. Helmet also brings iframe embed capabilities into Etherpad.

Usage

Basic usage is simple: just install the plugin.

Advanced usage.

Just use the same settings Helmet exposes for CSP.

CSP

"ep_helmet":{
  "csp":{
    "directives": {
      "objectSrc": ["'none'"],
      "upgradeInsecureRequests": true,
      "workerSrc": false
    }
  }
}

The above CSP will need to be polished over time. https://ponyfoo.com/articles/content-security-policy-in-express-apps is a good write-up that needs to be referred to and supported.

Frameguard

Frameguard can be used to set the X-Frame-Options header, which is useful if you embed Etherpad in an iframe.

"ep_helmet":{
  "frameguard":{
    "action": "allow-from",
    "domain": "https://DOMAINIFRAMEWILLBEHOSTEDIN.com"
  }
}
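The following added example (not code from ep_helmet or Helmet) renders the CSP directives shown above into the header value they produce, and flags a framing setup that relies only on `allow-from`, since current browsers ignore X-Frame-Options `ALLOW-FROM` and the CSP `frame-ancestors` directive is its replacement. The function names `renderCsp` and `reviewFraming` are hypothetical, and it assumes that boolean directive values behave as in the sample above and that ep_helmet passes a `frameAncestors` directive through to Helmet like any other CSP setting.

```javascript
// Added illustration; not ep_helmet or Helmet source code.
// Assumption: boolean directive values behave as in the page's sample
// (true = emit the directive with no value, false = leave it out).

// camelCase key -> CSP directive name, e.g. objectSrc -> object-src
const toDirectiveName = (key) => key.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());

// Render a Helmet-style `directives` object as a Content-Security-Policy value.
function renderCsp(directives) {
  const parts = [];
  for (const [key, value] of Object.entries(directives)) {
    if (value === false || value == null) continue; // directive disabled
    const name = toDirectiveName(key);
    const sources = value === true ? [] : [].concat(value);
    for (const s of sources) {
      if (typeof s !== 'string' || /[;,\r\n]/.test(s)) {
        throw new Error(`invalid source in ${name}: ${JSON.stringify(s)}`);
      }
    }
    parts.push([name, ...sources].join(' '));
  }
  return parts.join('; ');
}

// Flag settings that depend on X-Frame-Options ALLOW-FROM alone to
// restrict which site may embed the pad.
function reviewFraming(settings) {
  const findings = [];
  const fg = settings.frameguard || {};
  const csp = (settings.csp && settings.csp.directives) || {};
  if (String(fg.action).toLowerCase() === 'allow-from' && !csp.frameAncestors) {
    findings.push('X-Frame-Options ALLOW-FROM is ignored by current browsers; ' +
      `add frameAncestors: ["${fg.domain}"] to csp.directives`);
  }
  return findings;
}

// Constructed sample: the two settings blocks from this page, merged.
const sample = {
  csp: { directives: { objectSrc: ["'none'"], upgradeInsecureRequests: true, workerSrc: false } },
  frameguard: { action: 'allow-from', domain: 'https://DOMAINIFRAMEWILLBEHOSTEDIN.com' },
};

console.log(renderCsp(sample.csp.directives));
console.log(reviewFraming(sample));
```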

Todo

  • [ ] Provide a good CSP example for Etherpad
  • [ ] Provide improved security for Etherpad (using a nonce example etc. for inline content)

License

Apache 2

Package details

  • Install: npm i ep_helmet
  • Weekly Downloads: 21
  • Version: 0.0.24
  • License: none
  • Unpacked Size: 24.6 kB
  • Total Files: 13
  • Collaborators: johnyma22, rhansen0, gared