express-csp-header - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1


index.js

@@ -0,1 +1,2 @@

'use strict';
var cspHeader = require('csp-header');

@@ -2,0 +3,0 @@ var crypto = require('crypto');


package.json
{
"name": "express-csp-header",
"version": "2.0.0",
"version": "2.0.1",
"description": "Content-Security-Policy middleware for Express",

@@ -34,5 +34,5 @@ "main": "index.js",

"dependencies": {
"csp-header": "^1.0.0",
"csp-header": "^1.0.1",
"parse-domain": "^0.2.1"
}
}
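
Review bot: The `csp-header` range in `dependencies` moves from `^1.0.0` to `^1.0.1` with no visible statement of why the floor is raised. index.js requires `csp-header` to produce the policy, so the release notes or commit message should say what 1.0.1 changes, letting consumers judge whether the emitted header is affected. Both the old and new range still accept any later 1.x release, so installs without a lockfile are not pinned to the version this release was tested against.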

@@ -73,2 +73,22 @@ # Content-Security-Policy middleware for Express

### Presets
Your policies can also be extended by presets. Presets are npm-modules containing CSP rules and prefixed by ``csp-preset``. Example of preset:
```js
module.exports = {
'connect-src': ['my-super-service.com'],
'style-src': ['my-super-service.com']
};
```
Presets can be easely applied to existing CSP rules by ``presets`` property:
```js
app.use(csp({
policies: myCSPPolicies,
presets: ['yandex-metrika', 'google-analytics'] // csp-preset-yandex-metrika and csp-preset-google-analytics will be apllied
}));
```
### Content-Security-Policy-Report-Only mode
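
Review bot: The Presets section does not say how a preset's rules combine with `policies`, nor that the named `csp-preset-*` modules have to be installed separately. The text says policies are "extended" and the example preset adds a host to `connect-src` and `style-src`, so every entry in `presets` widens the allowed sources using rules maintained in another npm package. State the merge behaviour per directive (append or replace) and recommend reading a preset's rules before enabling it. Also fix the typos in the added text: "easely" should be "easily" and "apllied" should be "applied".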

@@ -115,20 +135,1 @@

```
### Release notes:
#### v1.2.1
* fix leaking to global scope by [@i-akhmadullin](https://github.com/i-akhmadullin)
#### v1.2.0
* new csp-header with CSP 3
#### v1.1.0
* Policies extending
#### v1.0.0:
* All arguments combined into single ``params`` argument
* Added boolean param ``reportOnly`` that switches on Content-Security-Policy-Report-Only mode
#### v0.1.0:
* Dynamic tld (thanks to [@msmirnov](https://github.com/msmirnov))
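
Review bot: The header `@@ -115,20 +135,1 @@` shows the Release notes block shrinking from 20 lines to 1, and nothing visible replaces it. The listed history stops at v1.2.1, so there is no entry for 2.0.0 or for this 2.0.1 release. Keep a changelog, either here or in a linked file, and add a 2.0.1 line covering the `csp-header` range change and the new Presets documentation.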

Sorry, the diff of this file is not supported yet
