How to use express-csp-header - 3 common examples

To help you get started, we’ve selected a few express-csp-header examples drawn from how it is used in public projects. All three excerpts below come from the same file (dkundel/onesie-life, lib/index.js) and configure the same nonce-based policy; note that within the lines shown, `cspMiddleware` is built but never mounted with `app.use(...)`, and `express.static` is mounted ahead of any header or HTTPS middleware.


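const path = require('path');
// helmet is required here but not mounted in this excerpt. NOTE(review): if
// app.use(helmet()) is mounted elsewhere with its default contentSecurityPolicy,
// the app sends two Content-Security-Policy headers and a resource must satisfy
// both — disable helmet's CSP or this one, not run both. Confirm against the
// rest of the file.
const helmet = require('helmet');

const { verifyLogin } = require('./shared/jwt');
const { init, reset: resetDb } = require('./shared/db');
const { forceSsl } = require('./shared/https');

const app = express();
const PORT = process.env.PORT || 3000;

// Only a urlencoded parser is set up here; it will not parse the JSON body the
// browser POSTs to the CSP report endpoint configured below.
const parsePost = bodyParser.urlencoded({ extended: false });

// Nonce-based CSP. csp.NONCE makes the middleware emit a per-request nonce
// (express-csp-header exposes it to handlers/templates as req.nonce); every
// <script> and <style> tag must carry that nonce or the browser blocks it.
const cspMiddleware = csp({
  policies: {
    'default-src': [csp.SELF],
    'script-src': [csp.NONCE],
    'style-src': [csp.NONCE],
    'object-src': [csp.NONE],
    // default-src does not govern base-uri (nor form-action / frame-ancestors).
    // Without base-uri an injected <base href="https://attacker"> retargets every
    // relative script URL on the page, which defeats the nonce allowlist above.
    'base-uri': [csp.SELF],
    // Bare host sources inherit the page's scheme, so these are https-only once
    // the page itself is served over HTTPS.
    'img-src': [csp.SELF, 'api.adorable.io', 'media.giphy.com'],
    'font-src': [csp.SELF, 'fonts.gstatic.com'],
    // Deprecated in CSP3 (current browsers block active mixed content by
    // default); 'upgrade-insecure-requests' is the maintained replacement.
    // Left in place because browsers that ignore it lose nothing.
    'block-all-mixed-content': true
  },
  // report-uri is deprecated in favour of report-to but remains the widely
  // supported form. The browser POSTs application/csp-report JSON here with no
  // session context, so the handler (not in this excerpt) must be
  // unauthenticated and CSRF-exempt — and therefore rate-limited and
  // size-capped, since anyone can POST forged reports.
  reportUri: '/csp-report'
});

// Mounted before any header middleware: every response served from here
// (including *.html resolved via the `extensions` option) goes out without the
// CSP header unless cspMiddleware — and forceSsl — are mounted above this line.
app.use(
  express.static(path.join(__dirname, '../public'), {
    index: false,
    extensions: ['html']
  })
);
app.use(markoExpress());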
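const { verifyLogin } = require('./shared/jwt');
const { init, reset: resetDb } = require('./shared/db');
const { forceSsl } = require('./shared/https');

const app = express();
const PORT = process.env.PORT || 3000;

// Only a urlencoded parser is set up here; it will not parse the JSON body the
// browser POSTs to the CSP report endpoint configured below.
const parsePost = bodyParser.urlencoded({ extended: false });

// Nonce-based CSP. csp.NONCE makes the middleware emit a per-request nonce
// (express-csp-header exposes it to handlers/templates as req.nonce); every
// <script> and <style> tag must carry that nonce or the browser blocks it.
const cspMiddleware = csp({
  policies: {
    'default-src': [csp.SELF],
    'script-src': [csp.NONCE],
    'style-src': [csp.NONCE],
    'object-src': [csp.NONE],
    // default-src does not govern base-uri (nor form-action / frame-ancestors).
    // Without base-uri an injected <base href="https://attacker"> retargets every
    // relative script URL on the page, which defeats the nonce allowlist above.
    'base-uri': [csp.SELF],
    // Bare host sources inherit the page's scheme, so these are https-only once
    // the page itself is served over HTTPS.
    'img-src': [csp.SELF, 'api.adorable.io', 'media.giphy.com'],
    'font-src': [csp.SELF, 'fonts.gstatic.com'],
    // Deprecated in CSP3 (current browsers block active mixed content by
    // default); 'upgrade-insecure-requests' is the maintained replacement.
    // Left in place because browsers that ignore it lose nothing.
    'block-all-mixed-content': true
  },
  // report-uri is deprecated in favour of report-to but remains the widely
  // supported form. The browser POSTs application/csp-report JSON here with no
  // session context, so the handler (not in this excerpt) must be
  // unauthenticated and CSRF-exempt — and therefore rate-limited and
  // size-capped, since anyone can POST forged reports.
  reportUri: '/csp-report'
});

// forceSsl (presumably an HTTPS redirect — confirm in ./shared/https) used to be
// mounted after express.static, so every static file, *.html included, was
// served over plain HTTP first. It has to run before anything that sends a body.
app.use(forceSsl);
// Static responses still carry no CSP header unless cspMiddleware is mounted
// above this line; it is built above but not mounted within this excerpt.
app.use(
  express.static(path.join(__dirname, '../public'), {
    index: false,
    extensions: ['html']
  })
);
app.use(markoExpress());
app.use(cookieParser());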
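const markoExpress = require('marko/express');
const path = require('path');
// helmet is required here but not mounted in this excerpt. NOTE(review): if
// app.use(helmet()) is mounted elsewhere with its default contentSecurityPolicy,
// the app sends two Content-Security-Policy headers and a resource must satisfy
// both — disable helmet's CSP or this one, not run both. Confirm against the
// rest of the file.
const helmet = require('helmet');

const { verifyLogin } = require('./shared/jwt');
const { init, reset: resetDb } = require('./shared/db');
const { forceSsl } = require('./shared/https');

const app = express();
const PORT = process.env.PORT || 3000;

// Only a urlencoded parser is set up here; it will not parse the JSON body the
// browser POSTs to the CSP report endpoint configured below.
const parsePost = bodyParser.urlencoded({ extended: false });

// Nonce-based CSP. csp.NONCE makes the middleware emit a per-request nonce
// (express-csp-header exposes it to handlers/templates as req.nonce); every
// <script> and <style> tag must carry that nonce or the browser blocks it.
const cspMiddleware = csp({
  policies: {
    'default-src': [csp.SELF],
    'script-src': [csp.NONCE],
    'style-src': [csp.NONCE],
    'object-src': [csp.NONE],
    // default-src does not govern base-uri (nor form-action / frame-ancestors).
    // Without base-uri an injected <base href="https://attacker"> retargets every
    // relative script URL on the page, which defeats the nonce allowlist above.
    'base-uri': [csp.SELF],
    // Bare host sources inherit the page's scheme, so these are https-only once
    // the page itself is served over HTTPS.
    'img-src': [csp.SELF, 'api.adorable.io', 'media.giphy.com'],
    'font-src': [csp.SELF, 'fonts.gstatic.com'],
    // Deprecated in CSP3 (current browsers block active mixed content by
    // default); 'upgrade-insecure-requests' is the maintained replacement.
    // Left in place because browsers that ignore it lose nothing.
    'block-all-mixed-content': true
  },
  // report-uri is deprecated in favour of report-to but remains the widely
  // supported form. The browser POSTs application/csp-report JSON here with no
  // session context, so the handler (not in this excerpt) must be
  // unauthenticated and CSRF-exempt — and therefore rate-limited and
  // size-capped, since anyone can POST forged reports.
  reportUri: '/csp-report'
});

// Mounted before any header middleware: every response served from here
// (including *.html resolved via the `extensions` option) goes out without the
// CSP header unless cspMiddleware — and forceSsl — are mounted above this line.
app.use(
  express.static(path.join(__dirname, '../public'), {
    index: false,
    extensions: ['html']
  })
);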

express-csp-header

Content-Security-Policy middleware for Express

WTFPL