This addon adds the Content-Security-Policy header to response sent from the Ember CLI Express server. Clearly, Ember CLI is not intended for production use, and neither is this addon. This is intended as a tool to ensure that CSP is kept in the forefront of your thoughts while developing an Ember application.

Options

This addon is configured via your applications config/environment.js file. Two specific properties are used from your projects configuration:

contentSecurityPolicyHeader -- The header to use for CSP (default: Content-Security-Policy)
contentSecurityPolicy -- This is an object that is used to build the final header value. Each key/value in this object is converted into a key/value pair in the resulting header value.

The default contentSecurityPolicy value is:

  contentSecurityPolicy: {
    'default-src': 'none',
    'script-src': 'self',
    'connect-src': 'self',
    'img-src': 'self',
    'style-src': 'self'
  }

Which is translated into:

default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';

Please note, that when running ember serve with live reload enabled, we also add the liveReloadPort to the connect-src whitelist.

Installation

npm install --save-dev ember-cli-content-security-policy

Resources:

Keywords

ember-addon

FAQs

What is ember-cli-content-security-policy?

Is ember-cli-content-security-policy popular?

Is ember-cli-content-security-policy well maintained?

Last updated on 29 Sep 2014

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

ember-cli-content-security-policy