@entur/csp

Generate CSP headers with help from TypeScript

1.0.1
latest
Source
npm

Version published: 4 years ago

Weekly downloads: 149; decreased by-6.29%

Maintainers: 13

Weekly downloads

Created: 4 years ago

Source

@entur/csp

Generate CSP headers with help from TypeScript.

The Content-Security-Policy is an important security feature. But it can get pretty long and cumbersome to update. This nifty tool lets you generate the header string from a JavaScript (or TypeScript) object.

If you are using TypeScript you can use our enums to get help in the form of type coverage and autocomplete in your editor.

npm install @entur/csp

Example:

// myCsp.ts

import { stringifyCSP, Directive, PolicyValue } from '@entur/csp'

const myDomains = [
    PolicyValue.SELF,
    'example.com',
    '*.example.com',
]

const policyString = stringifyCSP({
    [Directive.DEFAULT_SRC]: [SELF],
    [Directive.CONNECT_SRC]: [
        ...MY_DOMAINS,
    ],
    [Directive.SCRIPT_SRC]: [
        PolicyValue.SELF,
        PolicyValue.UNSAFE_INLINE,
        PolicyValue.UNSAFE_EVAL,
        PolicyValue.BLOB,
        'https://www.googletagmanager.com',
        'https://tagmanager.google.com',
    ],
    [Directive.IMG_SRC]: [
        ...MY_DOMAINS,
        PolicyValue.DATA,
        PolicyValue.BLOB,
        'https://www.google-analytics.com',
    ],
    [Directive.STYLE_SRC]: [
        PolicyValue.SELF,
        PolicyValue.UNSAFE_INLINE,
    ],
})

FAQs

What is @entur/csp?

Is @entur/csp popular?

Is @entur/csp well maintained?

Package last updated on 04 Sep 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@entur/csp

@entur/csp

Example:

Related posts

Weekly Downloads Now Available in npm Package Search Results

Tech's $90B Ghost Engineer Problem: Stanford Study Finds 9.5% of Engineers Do Almost Nothing