Skip to content

Instantly share code, notes, and snippets.

@EvanHahn

EvanHahn/.gitignore

Last active Aug 29, 2015
Embed
What would you like to do?
Working on Helmet issue #57.
.DS_Store
*.swp
node_modules
*.log
var express = require("express");
var session = require("express-session");
var logger = require("morgan");
var helmet = require("helmet");
var csrf = require("csurf");
var app = express();
app.set("port", process.env.PORT || 1337);
app.use(logger("dev"));
app.use(session({
secret: "abc123",
resave: true,
saveUninitialized: true
}));
app.post("/report-violation", function(req, res) {
console.log("Report violation!");
res.send(200);
});
app.use(csrf());
app.use(helmet.csp({
defaultSrc: ["'self'"],
reportUri: "/report-violation"
}));
app.get("/", function(req, res) {
res.send([
"<!DOCTYPE html>",
"<html><body>",
"This should trigger a CSP violation.",
"<script>",
"console.log(123);",
"</script>",
"</body></html>",
].join("\n"));
});
app.get("/favicon.ico", function(req, res) {
res.send(404);
});
app.listen(app.get("port"), function() {
console.log("App started on port " + app.get("port"));
});
{
"private": true,
"scripts": {
"start": "node app"
},
"dependencies": {
"csurf": "^1.2.2",
"express": "^4.4.5",
"express-session": "^1.6.1",
"helmet": "^0.3.2",
"morgan": "^1.1.1"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.