erdtman/content-security-policy

content-security-policy

Middleware to add Content-Security-Policy header according to http://www.w3.org/TR/CSP/

Install

    $ npm install content-security-policy --save

Tests

    $ npm install --dev
    $ npm test

Usage

    const csp = require('content-security-policy');
    const express = require('express');
    const app = express();

    const cspPolicy = {
      'report-uri': '/reporting',
      'default-src': csp.SRC_NONE,
      'script-src': [ csp.SRC_SELF, csp.SRC_DATA ]
    };

    const globalCSP = csp.getCSP(csp.STARTER_OPTIONS);
    const localCSP = csp.getCSP(cspPolicy);

    // This will apply this policy to all requests if no local policy is set
    app.use(globalCSP);

    app.get('/', (req, res) => {
      res.send('Using global content security policy!');
    });

    // This will apply the local policy just to this path, overriding the global policy
    app.get('/local', localCSP, (req, res) => {
      res.send('Using path local content security policy!');
    });

    app.listen(3000, () => {
      console.log('Example app listening on port 3000!');
    });
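
The policy object in the usage code maps onto a header value directive by directive. The following is an added example, not the package's own code: `serializePolicy` and `auditPolicy` are hypothetical helpers, and the values given to `SRC_NONE`, `SRC_SELF` and `SRC_DATA` are assumed. It renders the local policy from the usage code and flags script sources that weaken it, such as `data:`.

```javascript
// Added illustration; not the content-security-policy package's implementation.
// Assumed values for the constants the README refers to as csp.SRC_*.
const SRC_NONE = "'none'";
const SRC_SELF = "'self'";
const SRC_DATA = 'data:';

const toList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Render a policy object as a Content-Security-Policy header value:
// each directive is "name source source", directives are joined with "; ".
function serializePolicy(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${toList(sources).join(' ')}`)
    .join('; ');
}

// Sources that let injected markup execute as script when they appear in
// the directive governing scripts.
const RISKY_SCRIPT_SOURCES = new Set(["'unsafe-inline'", "'unsafe-eval'", 'data:', '*']);

// Return a list of findings for the directive that governs script loading.
function auditPolicy(policy) {
  // Browsers fall back to default-src when script-src is absent.
  const effective = 'script-src' in policy ? 'script-src' : 'default-src';
  const sources = toList(policy[effective]);
  if (sources.length === 0) {
    return ['no script-src or default-src: scripts are not restricted'];
  }
  return sources
    .filter((s) => RISKY_SCRIPT_SOURCES.has(s))
    .map((s) => `${effective} allows ${s}`);
}

// The local policy from the usage code above.
const readmePolicy = {
  'report-uri': '/reporting',
  'default-src': SRC_NONE,
  'script-src': [SRC_SELF, SRC_DATA],
};

// Constructed variant with the data: source removed from script-src.
const tightenedPolicy = { ...readmePolicy, 'script-src': [SRC_SELF] };

console.log(serializePolicy(readmePolicy));
console.log(auditPolicy(readmePolicy));
console.log(auditPolicy(tightenedPolicy));
```

Running `auditPolicy` over each policy object before passing it to `csp.getCSP` in a unit test catches a weakened `script-src` before it ships.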
