Working on Helmet issue #57.
| .DS_Store | |
| *.swp | |
| node_modules | |
| *.log |
| var express = require("express"); | |
| var session = require("express-session"); | |
| var logger = require("morgan"); | |
| var helmet = require("helmet"); | |
| var csrf = require("csurf"); | |
| var app = express(); | |
| app.set("port", process.env.PORT || 1337); | |
| app.use(logger("dev")); | |
| app.use(session({ | |
| secret: "abc123", | |
| resave: true, | |
| saveUninitialized: true | |
| })); | |
| app.post("/report-violation", function(req, res) { | |
| console.log("Report violation!"); | |
| res.send(200); | |
| }); | |
| app.use(csrf()); | |
| app.use(helmet.csp({ | |
| defaultSrc: ["'self'"], | |
| reportUri: "/report-violation" | |
| })); | |
| app.get("/", function(req, res) { | |
| res.send([ | |
| "<!DOCTYPE html>", | |
| "<html><body>", | |
| "This should trigger a CSP violation.", | |
| "<script>", | |
| "console.log(123);", | |
| "</script>", | |
| "</body></html>", | |
| ].join("\n")); | |
| }); | |
| app.get("/favicon.ico", function(req, res) { | |
| res.send(404); | |
| }); | |
| app.listen(app.get("port"), function() { | |
| console.log("App started on port " + app.get("port")); | |
| }); |
| { | |
| "private": true, | |
| "scripts": { | |
| "start": "node app" | |
| }, | |
| "dependencies": { | |
| "csurf": "^1.2.2", | |
| "express": "^4.4.5", | |
| "express-session": "^1.6.1", | |
| "helmet": "^0.3.2", | |
| "morgan": "^1.1.1" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment