A CSP plugin for hapi.
This plugin depends on scooter to function.
To use it:
```javascript
'use strict';

const Hapi = require('@hapi/hapi');
const Blankie = require('blankie');
const Scooter = require('@hapi/scooter');

const internals = {};

const server = Hapi.server();

internals.init = async () => {

    await server.register([Scooter, {
        plugin: Blankie,
        options: {} // specify options here
    }]);
    await server.start();
};

internals.init().catch((err) => {

    throw err;
});
```
Options may also be set on a per-route basis:
```javascript
'use strict';

const Hapi = require('@hapi/hapi');
const Blankie = require('blankie');
const Scooter = require('@hapi/scooter');

const server = Hapi.server();

server.route({
    method: 'GET',
    path: '/something',
    config: {
        handler: (request, h) => {

            return 'these settings are changed';
        },
        plugins: {
            blankie: {
                scriptSrc: 'self'
            }
        }
    }
});
```
Note that this setting will NOT be merged with your server-wide settings. You may also set `config.plugins.blankie` equal to `false` on a route to disable CSP headers completely for that route.
- `baseUri`: Values for the `base-uri` directive. Defaults to `'self'`.
- `childSrc`: Values for the `child-src` directive.
- `connectSrc`: Values for the `connect-src` directive. Defaults to `'self'`.
- `defaultSrc`: Values for the `default-src` directive. Defaults to `'none'`.
- `fontSrc`: Values for the `font-src` directive.
- `formAction`: Values for the `form-action` directive.
- `frameAncestors`: Values for the `frame-ancestors` directive.
- `frameSrc`: Values for the `frame-src` directive.
- `imgSrc`: Values for the `img-src` directive. Defaults to `'self'`.
- `manifestSrc`: Values for the `manifest-src` directive.
- `mediaSrc`: Values for the `media-src` directive.
- `objectSrc`: Values for the `object-src` directive.
- `oldSafari`: Force enabling buggy CSP for Safari 5.
- `pluginTypes`: Values for the `plugin-types` directive.
- `reflectedXss`: Value for the `reflected-xss` directive. Must be one of `'allow'`, `'block'` or `'filter'`.
- `reportOnly`: Append `'-Report-Only'` to the name of the CSP header to enable report-only mode.
- `reportUri`: Value for the `report-uri` directive. This should be the path to a route that accepts CSP violation reports.
- `requireSriFor`: Value for the `require-sri-for` directive.
- `sandbox`: Values for the `sandbox` directive. May be a boolean or one of `'allow-forms'`, `'allow-same-origin'`, `'allow-scripts'` or `'allow-top-navigation'`.
- `scriptSrc`: Values for the `script-src` directive. Defaults to `'self'`.
- `styleSrc`: Values for the `style-src` directive. Defaults to `'self'`.
- `workerSrc`: Values for the `worker-src` directive. Defaults to `'self'`.
- `generateNonces`: Whether or not to automatically generate nonces. Defaults to `true`. May be a boolean or one of `'script'` or `'style'`. When enabled, your templates rendered through vision will have `script-nonce` and/or `style-nonce` automatically added to their context; additionally, `request.plugins.blankie.nonces` will contain one or both of the `'script'` and `'style'` properties containing these values for use outside of vision.