npm
Sign UpSign In

content-security-policy

0.3.4 • Public • Published

Build Status Coverage Status

content-security-policy

Middleware to add Content-Security-Policy header according to http://www.w3.org/TR/CSP/

Install

    $ npm install content-security-policy --save

Tests

    $ npm install --dev
    $ npm test

Usage

const csp = require('content-security-policy');
const express = require('express');
const app = express();
 
const cspPolicy = {
  'report-uri': '/reporting',
  'default-src': csp.SRC_NONE,
  'script-src': [ csp.SRC_SELF, csp.SRC_DATA ]
};
 
const globalCSP = csp.getCSP(csp.STARTER_OPTIONS);
const localCSP = csp.getCSP(cspPolicy);
 
// This will apply this policy to all requests if no local policy is set
app.use(globalCSP);
 
app.get('/', (req, res) => {
  res.send('Using global content security policy!');
});
 
// This will apply the local policy just to this path, overriding the globla policy
app.get('/local', localCSP, (req, res) => {
  res.send('Using path local content security policy!');
});
 
app.listen(3000, () => {
  console.log('Example app listening on port 3000!');
});
 

Versions

Current Tags

VersionDownloads (Last 7 Days)Tag
0.3.42,102latest

Version History

VersionDownloads (Last 7 Days)Published
0.3.42,102
0.3.39
0.3.25
0.3.10
0.3.00
0.2.20
0.2.00
0.1.10
0.1.00

Package Sidebar

Install

npm i content-security-policy

Repository

github.com/samuelerdtman/content-security-policy

Homepage

github.com/samuelerdtman/content-security-policy#readme

Weekly Downloads

1,880

Version

0.3.4

License

none

Unpacked Size

17.7 kB

Total Files

15

Last publish

Collaborators

  • samuelerdtman
Try on RunKit
Report malware