Add support for CSP nonces #110

Merged
merged 2 commits into from
Aug 7, 2017

@linkRace linkRace commented Aug 7, 2017

both/either style/script src options

index.js Outdated


/**
* Outputs all security headers based on configuration
* @param {Object} options The configuration object.
*/
var lusca = module.exports = function (options) {
var headers = [];
var headers = [], nonce;
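Review bot: `nonce` in `var headers = [], nonce;` is declared without a value in the `lusca(options)` setup scope, and the later fragment assigns `nonce = true`, so it is a flag and not a nonce value. Initialise it explicitly and name it for what it is, for example `var nonceEnabled = false;` on its own line, so nobody later stores an actual nonce in a variable that outlives a single request.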
Contributor

can we separate the declarations?

index.js Outdated
nonce = true;
}

//if (key === 'csp' && lusca[key](config) && lusca[key](config)[styleNonce])
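Review bot: the commented-out condition indexes with a bare identifier, `[styleNonce]`, which would read a variable of that name instead of the `'styleNonce'` property, and it calls `lusca[key](config)` twice only to test the result. Delete the line; if the check is ever needed, call `lusca[key](config)` once, keep the result, and test the named property on it.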
Contributor

can we remove the dead code?

index.js Outdated
@@ -46,6 +58,7 @@ var lusca = module.exports = function (options) {
return;
}
header(req, res, next);
Contributor

can we change this from

header(req, res, next)
return 

to

return header(req, res, next);

@@ -27,6 +29,22 @@ module.exports = function (options) {
}

return function csp(req, res, next) {
if (styleNonce) {
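Review bot: `if (styleNonce) {` sits inside `csp(req, res, next)`, so the branch runs on every request, but nothing in the visible lines documents the new style/script nonce options. Add a JSDoc or README entry that names each option and states that the nonce is generated fresh for every response, since a nonce reused across responses gives no protection.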
Contributor

maybe we can split these if statements into util functions for easier testing?

Collaborator Author

meh, it hurts the readability imo. also forces the res object to be passed around more than is necessary

@linkRace linkRace merged commit 1007930 into master Aug 7, 2017