This repository has been archived by the owner on Aug 3, 2020. It is now read-only.

Commit

Add "Using CSP with a CDN"
Thanks to Ryan Cannon for this!
kara-ryli authored and EvanHahn committed Feb 29, 2016
1 parent 58210c0 commit 27a7a23
Showing 2 changed files with 7 additions and 1 deletion.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -97,3 +97,8 @@ app.use(function (req, res) {
res.end('<script nonce="' + res.locals.nonce + '">alert(1 + 1);</script>')
})
```

Using CSP with a CDN
--------------------

The default behavior of CSP is generate headers tailored for the browser that's requesting your page. If you have a CDN in front of your application, the CDN may cache the wrong headers, rendering your CSP useless. Make sure to eschew a CDN when using this module or set the `browserSniff` option to `false`.
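Review bot: In the added paragraph, "The default behavior of CSP is generate headers" is missing "to" ("is to generate headers"), and the closing sentence leads with "eschew a CDN" when the less disruptive fix is the option it mentions second. Suggest putting "set the `browserSniff` option to `false`" first, with avoiding the CDN as the fallback, and showing where that option is passed, since the section names it but never shows how to set it. It would also help to spell out what "the wrong headers" means here: headers tailored to one browser being cached and then served to a different browser.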
3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -2,7 +2,8 @@
"name": "helmet-csp",
"author": "Adam Baldwin <baldwin@andyet.net> (http://andyet.net/team/baldwin)",
"contributors": [
"Evan Hahn <me@evanhahn.com> (http://evanhahn.com)"
"Evan Hahn <me@evanhahn.com> (http://evanhahn.com)",
"Ryan Cannon <ryan@ryancannon.com> (https://ryancannon.com)"
],
"description": "Content Security Policy middleware.",
"version": "1.0.3",