helmet-csp
Advanced tools
helmet-csp - npm Package Compare versions
Comparing version 2.7.1 to 2.8.0
| var config = require('../../config') | ||
| var has = require('../../has') | ||
| var checkers = { | ||
@@ -14,3 +15,3 @@ sourceList: require('./source-list'), | ||
| if (!config.directives.hasOwnProperty(key)) { | ||
| if (!has(config.directives, key)) { | ||
| throw new Error('"' + key + '" is an invalid directive. See the documentation for the supported list. Force this by enabling loose mode.') | ||
@@ -17,0 +18,0 @@ } |
@@ -30,3 +30,3 @@ module.exports = { | ||
| 'plugin-types': { type: 'pluginTypes' }, | ||
| 'sandbox': { type: 'sandbox' }, | ||
| sandbox: { type: 'sandbox' }, | ||
| 'report-to': { type: 'reportUri' }, | ||
@@ -51,2 +51,3 @@ 'report-uri': { type: 'reportUri' }, | ||
| sandboxDirectives: [ | ||
| 'allow-downloads-without-user-activation', | ||
| 'allow-forms', | ||
@@ -53,0 +54,0 @@ 'allow-modals', |
| var isFunction = require('./is-function') | ||
| var has = require('./has') | ||
| module.exports = function containsFunction (obj) { | ||
| for (var key in obj) { | ||
| if (!obj.hasOwnProperty(key)) { continue } | ||
| if (!has(obj, key)) { continue } | ||
@@ -7,0 +8,0 @@ var value = obj[key] |
| { | ||
| "name": "helmet-csp", | ||
| "author": "Adam Baldwin <baldwin@andyet.net> (http://andyet.net/team/baldwin)", | ||
| "author": "Adam Baldwin <adam@npmjs.com> (https://evilpacket.net)", | ||
| "contributors": [ | ||
@@ -9,3 +9,3 @@ "Evan Hahn <me@evanhahn.com> (https://evanhahn.com)", | ||
| "description": "Content Security Policy middleware.", | ||
| "version": "2.7.1", | ||
| "version": "2.8.0", | ||
| "license": "MIT", | ||
@@ -27,3 +27,17 @@ "keywords": [ | ||
| }, | ||
| "bugs": "https://github.com/helmetjs/csp/issues", | ||
| "bugs": { | ||
| "url": "https://github.com/helmetjs/csp/issues", | ||
| "email": "me@evanhahn.com" | ||
| }, | ||
| "homepage": "https://helmetjs.github.io/docs/csp/", | ||
| "engines": { | ||
| "node": ">=4.0.0" | ||
| }, | ||
| "files": [ | ||
| "CHANGELOG.md", | ||
| "LICENSE", | ||
| "README.md", | ||
| "index.js", | ||
| "lib/" | ||
| ], | ||
| "scripts": { | ||
@@ -36,3 +50,3 @@ "pretest": "standard --fix", | ||
| "camelize": "1.0.0", | ||
| "content-security-policy-builder": "2.0.0", | ||
| "content-security-policy-builder": "2.1.0", | ||
| "dasherize": "2.0.0", | ||
@@ -42,8 +56,7 @@ "platform": "1.3.5" | ||
| "devDependencies": { | ||
| "content-security-policy-parser": "^0.1.1", | ||
| "express": "^4.16.3", | ||
| "lodash": "^4.17.10", | ||
| "mocha": "^5.2.0", | ||
| "standard": "^11.0.1", | ||
| "supertest": "^3.1.0" | ||
| "content-security-policy-parser": "^0.2.0", | ||
| "express": "^4.17.1", | ||
| "mocha": "^6.2.0", | ||
| "standard": "^13.1.0", | ||
| "supertest": "^4.0.2" | ||
| }, | ||
@@ -50,0 +63,0 @@ "standard": { |
| Content Security Policy middleware | ||
| ================================== | ||
| [](https://travis-ci.org/helmetjs/csp) | ||
| [](http://standardjs.com/) | ||
| [_Looking for a changelog?_](https://github.com/helmetjs/helmet/blob/master/HISTORY.md) | ||
| Content Security Policy helps prevent unwanted content being injected into your webpages; this can mitigate cross-site scripting (XSS) vulnerabilities, malicious frames, unwanted trackers, and more. If you want to learn how CSP works, check out the fantastic [HTML5 Rocks guide](http://www.html5rocks.com/en/tutorials/security/content-security-policy/), the [Content Security Policy Reference](http://content-security-policy.com/), and the [Content Security Policy specification](http://www.w3.org/TR/CSP/). This module helps set Content Security Policies. | ||
@@ -13,3 +10,3 @@ | ||
| ```javascript | ||
| var csp = require('helmet-csp') | ||
| const csp = require('helmet-csp') | ||
@@ -98,3 +95,3 @@ app.use(csp({ | ||
| app.post('/report-violation', function (req, res) { | ||
| app.post('/report-violation', (req, res) => { | ||
| if (req.body) { | ||
@@ -119,6 +116,6 @@ console.log('CSP Violation: ', req.body) | ||
| ```js | ||
| var uuidv4 = require('uuid/v4') | ||
| const crypto = require('crypto') | ||
| app.use(function (req, res, next) { | ||
| res.locals.nonce = uuidv4() | ||
| res.locals.nonce = crypto.randomBytes(16).toString('hex') | ||
| next() | ||
@@ -131,5 +128,3 @@ }) | ||
| "'self'", | ||
| function (req, res) { | ||
| return "'nonce-" + res.locals.nonce + "'" // 'nonce-614d9122-d5b0-4760-aecf-3a5d17cf0ac9' | ||
| } | ||
| (req, res) => `'nonce-${res.locals.nonce}'` // 'nonce-348c18b14aaf3e00938d8bdd613f1149' | ||
| ] | ||
@@ -139,4 +134,4 @@ } | ||
| app.use(function (req, res) { | ||
| res.end('<script nonce="' + res.locals.nonce + '">alert(1 + 1);</script>') | ||
| app.use((req, res) => { | ||
| res.end(`<script nonce="${res.locals.nonce}">alert(1 + 1);</script>`) | ||
| }) | ||
@@ -143,0 +138,0 @@ ``` |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.59%
25226
- Dev dependency count
- decreased by-16.67%
5
- Number of package files
- increased by10%
22
- Lines of code
- increased by1.48%
480
- Number of low maintenance alerts
- decreased by-100%
0
Worsened metrics
- Number of lines in readme file
- decreased by-3.33%
145
Dependency changes
+ Addedcontent-security-policy-builder@2.1.0(transitive)
- Removedcontent-security-policy-builder@2.0.0(transitive)