express-csp-header - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

index.js

@@ -5,8 +5,8 @@ var cspHeader = require('csp-header');
 function expressCsp(policies, reportUri){
-	var cspString = cspHeader({
-		policies: policies,
-		'report-uri': reportUri
-	});
+	return function(req, res, next){
+		var cspString = cspHeader({
+			policies: policies,
+			'report-uri': (typeof reportUri === 'function' ? reportUri(req, res) : reportUri)
+		});
 
-	return function(req, res, next){
 		if(cspString){
@@ -13,0 +13,0 @@ if(cspString.indexOf(expressCsp.NONCE) > -1){

package.json

 {
   "name": "express-csp-header",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "Content-Security-Policy middleware for Express",
@@ -32,4 +32,4 @@ "main": "index.js",
   "dependencies": {
-    "csp-header": "^0.0.2"
+    "csp-header": "^0.0.3"
   }
 }

README.md

@@ -8,8 +8,6 @@ # Content-Security-Policy middleware for Express
 app.use(csp({
-    policies: {
-        'default-src': [ csp.SELF ],
-        'script-src': [ csp.SELF, csp.INLINE, 'somehost.com' ],
-        'style-src': [ csp.SELF, 'mystyles.net' ],
-        'img-src': [ 'data:', 'images.com' ]
-    }
+    'default-src': [ csp.SELF ],
+    'script-src': [ csp.SELF, csp.INLINE, 'somehost.com' ],
+    'style-src': [ csp.SELF, 'mystyles.net' ],
+    'img-src': [ 'data:', 'images.com' ]
 }));
@@ -26,5 +24,3 @@
 app.use(csp({
-    policies: {
-        'script-src': [ csp.NONCE ]
-    }
+    'script-src': [ csp.NONCE ]
 }));
@@ -44,7 +40,16 @@ // express will send header with a random nonce key "Content-Security-Policy: script-src 'nonce-pSQ9TwXOMI+HezKshnuRaw==';"
 app.use(csp({
-    policies: {
-        'script-src': [ csp.SELF ]
-    }
+    'script-src': [ csp.SELF ]
 }, 'https://cspreport.com/send'));
 // express will send header with a random nonce key "Content-Security-Policy: script-src 'self'; report-uri https://cspreport.com/send;"
+```
+
+If you want to pass some params to the report uri just pass function instaed of string:
+
+```js
+app.use(csp({
+    'script-src': [ csp.SELF ]
+}, function(req, res){
+    return 'https://cspreport.com/send?time=' + Number(new Date());
+}));
+// express will send header with a random nonce key "Content-Security-Policy: script-src 'self'; report-uri https://cspreport.com/send?time=1460467355592;"
 ```

test/index.test.js

@@ -35,3 +35,3 @@ var should = require('should'),
 
-	it('should adds report-uri param', function(){
+	it('should adds report-uri param as string', function(){
 		var actual = mockApp.use(expressCsp({
@@ -43,2 +43,12 @@ 'script-src': [ expressCsp.SELF ]
 	});
+
+	it('should adds report-uri param as function', function(){
+		var actual = mockApp.use(expressCsp({
+			'script-src': [ expressCsp.SELF ]
+		}, function(req, res){
+			return 'https://cspreport.com/send?time=' + Number(new Date());
+		}));
+
+		/report\-uri https\:\/\/cspreport\.com\/send\?time\=[0-9]+\;$/.test(actual.res.headers['Content-Security-Policy']).should.be.ok();
+	});
 });
@@ -45,0 +55,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4958

increased by17.96%

Lines of code

69

increased by13.11%

Number of lines in readme file

52

increased by10.64%

Dependency changes

• + Addedcsp-header@0.0.3(transitive)

• - Removedcsp-header@0.0.2(transitive)

• - Removedshould@8.4.0(transitive)

• - Removedshould-equal@0.8.0(transitive)

• - Removedshould-format@0.3.2(transitive)

• - Removedshould-type@0.2.0(transitive)

• Updatedcsp-header@^0.0.3