Working on Helmet issue #57.
.DS_Store | |
*.swp | |
node_modules | |
*.log |
var express = require("express"); | |
var session = require("express-session"); | |
var logger = require("morgan"); | |
var helmet = require("helmet"); | |
var csrf = require("csurf"); | |
var app = express(); | |
app.set("port", process.env.PORT || 1337); | |
app.use(logger("dev")); | |
app.use(session({ | |
secret: "abc123", | |
resave: true, | |
saveUninitialized: true | |
})); | |
app.post("/report-violation", function(req, res) { | |
console.log("Report violation!"); | |
res.send(200); | |
}); | |
app.use(csrf()); | |
app.use(helmet.csp({ | |
defaultSrc: ["'self'"], | |
reportUri: "/report-violation" | |
})); | |
app.get("/", function(req, res) { | |
res.send([ | |
"<!DOCTYPE html>", | |
"<html><body>", | |
"This should trigger a CSP violation.", | |
"<script>", | |
"console.log(123);", | |
"</script>", | |
"</body></html>", | |
].join("\n")); | |
}); | |
app.get("/favicon.ico", function(req, res) { | |
res.send(404); | |
}); | |
app.listen(app.get("port"), function() { | |
console.log("App started on port " + app.get("port")); | |
}); |
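Review bot: The `/report-violation` route is registered before `app.use(csrf())`, which exempts it from CSRF checks, and nothing in the file says this ordering is deliberate. A later reorder would presumably make browser-sent CSP reports fail token validation, since the browser cannot attach a token to them. I would add a comment above the route such as `// Mounted before csrf(): browsers POST CSP reports without a CSRF token. Keep this handler free of side effects.` Because the endpoint is unauthenticated and CSRF-exempt, any report body parsed here later should be treated as untrusted input and size-limited before it is logged or stored. Separately, the session `secret: "abc123"` is hard-coded; outside a throwaway repro it should come from the environment, for example `secret: process.env.SESSION_SECRET` (variable name is illustrative).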
{ | |
"private": true, | |
"scripts": { | |
"start": "node app" | |
}, | |
"dependencies": { | |
"csurf": "^1.2.2", | |
"express": "^4.4.5", | |
"express-session": "^1.6.1", | |
"helmet": "^0.3.2", | |
"morgan": "^1.1.1" | |
} | |
} |