Skip to content

Instantly share code, notes, and snippets.

@EvanHahn

EvanHahn/.gitignore

Last active August 29, 2015 14:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save EvanHahn/600390eb08aad20842bf to your computer and use it in GitHub Desktop.
Save EvanHahn/600390eb08aad20842bf to your computer and use it in GitHub Desktop.
Download ZIP
Working on Helmet issue #57.
Raw
.gitignore
.DS_Store
*.swp
node_modules
*.log
Raw
app.js
var express = require("express");
var session = require("express-session");
var logger = require("morgan");
var helmet = require("helmet");
var csrf = require("csurf");
var app = express();
app.set("port", process.env.PORT || 1337);
app.use(logger("dev"));
app.use(session({
secret: "abc123",
resave: true,
saveUninitialized: true
}));
app.post("/report-violation", function(req, res) {
console.log("Report violation!");
res.send(200);
});
app.use(csrf());
app.use(helmet.csp({
defaultSrc: ["'self'"],
reportUri: "/report-violation"
}));
app.get("/", function(req, res) {
res.send([
"<!DOCTYPE html>",
"<html><body>",
"This should trigger a CSP violation.",
"<script>",
"console.log(123);",
"</script>",
"</body></html>",
].join("\n"));
});
app.get("/favicon.ico", function(req, res) {
res.send(404);
});
app.listen(app.get("port"), function() {
console.log("App started on port " + app.get("port"));
});
Raw
package.json
{
"private": true,
"scripts": {
"start": "node app"
},
"dependencies": {
"csurf": "^1.2.2",
"express": "^4.4.5",
"express-session": "^1.6.1",
"helmet": "^0.3.2",
"morgan": "^1.1.1"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment