Skip to content
/ csp-header Public
forked from frux/csp-header

Content-Security-Policy header generator for Node.JS

0 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Kri0-Gen/csp-header

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
test
test
 
 
.editorconfig
.editorconfig
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

csp-header

Content-Security-Policy header generator for Node.JS

Usage

const csp = require('csp-header');
csp({
  policies: {
    'script-src': [
      csp.SELF,
      csp.INLINE,
      csp.EVAL,
      csp.nonce('gg3g43#$g32gqewgaAEGeag2@#GFQ#g=='),
      'example.com'
    ],
    'style-src': [
      csp.SELF,
      'mystyle.net'
    ]
  }
  'report-uri': 'https://cspreport.com/send'
});

// result: "script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-gg3g43#$g32gqewgaAEGeag2@#GFQ#g==' example.com; style-src 'self' mystyle.net; report-uri https://cspreport.com/send;"

Extending

If you want to extend your config by some rules:

const myCSPPolicies = require('./my-csp-rules');

csp({
  policies: myCSPPolicies,
  extend: {
    'connect-src': ['test.com']
  }
});

Presets

You can use csp presets prefixed by 'csp-preset'. If you have a web-service it would be great if you write preset with rules for your service users.

E.g. your service is called my-super-service.com. You publish preset csp-preset-my-super-service containing following code:

modules.exports = {
  'script-src': ['api.my-super-service.com'],
  'img-src': ['images.my-super-service.com']
};

Then someone wants to configure its CSP to work with your service. And now it's so easy:

const myCSPPolicies = require('./my-csp-rules');

csp({
  policies: myCSPPolicies,
  presets: ['my-super-service']
});

And you will get a lot of thanks ;)

About

Content-Security-Policy header generator for Node.JS

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages

  • JavaScript 100.0%