express-csp
Rapid, configurable Content Security Policy middleware for Express, powered by Helmet and simple YAML configuration.
Features
- Secure defaults with CSP via helmet
- Configuration in clean, readable YAML
- Easily swappable policies per environment
- Fully tested with Jest & Supertest
Installation
npm install helmet yaml
npm install --save-dev jest supertest
Usage
const express = require('express')
const csp = require('express-csp')
const app = express()
const policyPath = './csp-policy.yml'
app.use(csp(policyPath))
app.get('/', (req, res) => res.send('Secure by CSP!'))
app.listen(3000)
Sample Policy
default-src: ["'self'"]
script-src:
- "'self'"
- example.com
style-src:
- "'self'"
- "https:"
- "'unsafe-inline'"
img-src:
- "'self'"
- "data:"
object-src: ["'none'"]
upgrade-insecure-requests: []
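The Usage and Sample Policy sections together describe what the middleware does with the YAML file. As an added example, not the express-csp project's own code, here is the core of such a middleware in plain Node.js: the policy object is written inline as the parsed form of the sample YAML (so no yaml or helmet dependency is needed; the real package hands the directives to helmet instead of setting the header itself), serialized into a header value, linted for weakening settings such as the sample's 'unsafe-inline' in style-src, and wrapped as Express-style middleware. The function names and the lint rules are this example's own assumptions.

```javascript
// Constructed input: the object yaml.parse() would return for the Sample Policy above.
const samplePolicy = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'example.com'],
  'style-src': ["'self'", 'https:', "'unsafe-inline'"],
  'img-src': ["'self'", 'data:'],
  'object-src': ["'none'"],
  'upgrade-insecure-requests': [],
};

const DIRECTIVE_RE = /^[a-z][a-z-]*$/;
const SOURCE_RE = /^[^\s;,]+$/; // a source must not contain whitespace, ';' or ','

// Serialize the policy object into a Content-Security-Policy header value.
// A directive with an empty list (upgrade-insecure-requests) is emitted bare;
// malformed names or sources throw instead of producing a header browsers ignore.
function buildCspHeader(policy) {
  const parts = [];
  for (const [name, sources] of Object.entries(policy)) {
    if (!DIRECTIVE_RE.test(name)) throw new Error(`invalid directive name: ${name}`);
    if (!Array.isArray(sources)) throw new Error(`${name}: sources must be a YAML list`);
    for (const s of sources) {
      if (typeof s !== 'string' || !SOURCE_RE.test(s)) {
        throw new Error(`${name}: invalid source ${JSON.stringify(s)}`);
      }
    }
    parts.push(sources.length ? `${name} ${sources.join(' ')}` : name);
  }
  return parts.join('; ');
}

// Review the policy for settings that weaken it before it ships to production.
function lintPolicy(policy) {
  const warnings = [];
  if (!policy['default-src']) warnings.push('no default-src fallback');
  if (!policy['object-src']) warnings.push("object-src unset; add [\"'none'\"] to block plugins");
  for (const dir of ['default-src', 'script-src', 'style-src']) {
    for (const s of policy[dir] || []) {
      if (["'unsafe-inline'", "'unsafe-eval'", '*'].includes(s)) warnings.push(`${dir} allows ${s}`);
    }
  }
  return warnings;
}

// Express-style middleware, as app.use(csp(...)) would install it: set the
// header once per response, then hand off to the next handler.
function cspMiddleware(policy) {
  const header = buildCspHeader(policy);
  return (req, res, next) => { res.setHeader('Content-Security-Policy', header); next(); };
}
```

Running `lintPolicy(samplePolicy)` on the sample reports only the `'unsafe-inline'` in style-src; replacing it with per-response nonces or hashes would clear that warning.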
License
ISC License
Contributing
PRs welcome! For bugs or suggestions, open an issue.