
csp-headers - npm Package Compare versions

Comparing version 0.0.2 to 0.0.3

screenshot.png

2

package.json
{
"name": "csp-headers",
"version": "0.0.2",
"version": "0.0.3",
"description": "Connect middleware for adding csp policies to your site.",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -1,2 +0,2 @@

# CSP-headers
# CSP-headers [![Build Status](https://travis-ci.org/canuckistani/csp-headers.png)](https://travis-ci.org/canuckistani/csp-headers)

@@ -42,2 +42,2 @@ Connect middleware that allows you to define a csp policy as a JS object.

![](http://note.io/1x3GeH3)
![](./screenshot.png)

@@ -7,74 +7,88 @@ var assert = require('assert');

it('tests generating a csp', function() {
// should return:
var intended = {
headerName: "Content-Security-Policy-Report-Only",
policy: "img-src 'self' *.cdn-domain.com; default-src 'self' *.mydomain.com"
}
var testCsp = {
directives: {
'img-src': [ 'self', '*.cdn-domain.com' ],
'default-src': [ 'self', '*.mydomain.com' ]
},
debug: true
};
describe('test csp-headers module', function() {
var _csp = csp.compile(testCsp);
it('tests generating a csp', function() {
// should return:
var intended = {
headerName: "Content-Security-Policy-Report-Only",
policy: "img-src 'self' *.cdn-domain.com; default-src 'self' *.mydomain.com"
}
var testCsp = {
directives: {
'img-src': [ 'self', '*.cdn-domain.com' ],
'default-src': [ 'self', '*.mydomain.com' ]
},
debug: true
};
assert.equal(intended.headerName, _csp.headerName);
assert.equal(intended.policy, _csp.policy);
});
var _csp = csp.compile(testCsp);
it('tests generating csp policy samples', function() {
var intended = [
"default-src 'self'",
"default-src 'self' *.mydomain.com",
"default-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com",
"default-src https://onlinebanking.jumbobank.com",
"default-src 'self' *.mailsite.com; img-src *"
];
assert.equal(intended.headerName, _csp.headerName);
assert.equal(intended.policy, _csp.policy);
});
assert.equal(csp.compile({directives: {'default-src': 'self'}}).policy, intended[0]);
it('tests generating csp policy samples', function() {
var intended = [
"default-src 'self'",
"default-src 'self' *.mydomain.com",
"default-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com",
"default-src https://onlinebanking.jumbobank.com",
"default-src 'self' *.mailsite.com; img-src *"
];
assert.equal(csp.compile({
directives: {'default-src': ['self', '*.mydomain.com']}
}).policy, intended[1]);
assert.equal(csp.compile({directives: {'default-src': 'self'}}).policy, intended[0]);
assert.equal(csp.compile({
directives: {
'default-src': 'self',
'img-src': '*',
'media-src': ['media1.com', 'media2.com'],
'script-src': 'userscripts.example.com',
}
}).policy, intended[2]);
assert.equal(csp.compile({
directives: {'default-src': ['self', '*.mydomain.com']}
}).policy, intended[1]);
assert.equal(csp.compile({directives: {'default-src': 'https://onlinebanking.jumbobank.com'}}).policy, intended[3]);
assert.equal(csp.compile({
directives: {
'default-src': 'self',
'img-src': '*',
'media-src': ['media1.com', 'media2.com'],
'script-src': 'userscripts.example.com',
}
}).policy, intended[2]);
assert.equal(csp.compile({directives: {
'default-src': ['self', '*.mailsite.com'],
'img-src': '*'
}}).policy, intended[4]);
assert.equal(csp.compile({directives: {'default-src': 'https://onlinebanking.jumbobank.com'}}).policy, intended[3]);
});
assert.equal(csp.compile({directives: {
'default-src': ['self', '*.mailsite.com'],
'img-src': '*'
}}).policy, intended[4]);
it('tests debug mode', function() {
assert.equal(csp.compile({debug: true, directives: {'img-src': '*'}}).headerName, 'Content-Security-Policy-Report-Only');
assert.equal(csp.compile({debug: false, directives: {'img-src': '*'}}).headerName, 'Content-Security-Policy');
assert.equal(csp.compile({directives: {'img-src': '*'}}).headerName, 'Content-Security-Policy');
});
it('tests debug mode', function() {
assert.equal(csp.compile({debug: true, directives: {'img-src': '*'}}).headerName, 'Content-Security-Policy-Report-Only');
assert.equal(csp.compile({debug: false, directives: {'img-src': '*'}}).headerName, 'Content-Security-Policy');
assert.equal(csp.compile({directives: {'img-src': '*'}}).headerName, 'Content-Security-Policy');
});
});
it ('tests adding a csp policy to a connect app', function(done) {
var app = connect();
var _config = {directives: {
'default-src': 'self',
'img-src': '*'
}};
describe('tests a live server', function() {
app.use(csp.createCSP(_config))
var port = process.env.PORT || 3001;
var server;
var server = http.createServer(app);
server.listen(3001, function() {
before(function(done) {
var app = connect();
var _config = {directives: {
'default-src': 'self',
'img-src': '*'
}};
app.use(csp.createCSP(_config))
server = http.createServer(app);
server.listen(port, function() {
done();
});
});
it ('tests adding a csp policy to a connect app', function(done) {
request.get('http://localhost:3001/')

@@ -81,0 +95,0 @@ .on('response', function(response) {
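Review bot: The new `before` hook listens on `port` (`process.env.PORT || 3001`), but the request on the last visible line of the hunk still targets `http://localhost:3001/`. When PORT is set to any other value, the test talks to whatever is listening on 3001 instead of this app, so the CSP header assertion either fails or checks the wrong server. Build the URL from the same variable, e.g. `request.get('http://localhost:' + port + '/')`. The `it` body continues past the hunk and no teardown is visible here; if none exists further down, `after(function(done) { server.close(done); });` would release the port once the suite finishes.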
