Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Simple app to set CSP.
var express = require('express');
var path = require('path');
var HEADER_VALUE = "default-src 'self';";
var HEADERS = [
'Content-Security-Policy',
'X-Content-Security-Policy',
'X-Webkit-CSP'
];
var app = express();
app.set('port', process.env.PORT || 8000);
app.use(function(req, res, next) {
HEADERS.forEach(function(header) {
res.setHeader(header, HEADER_VALUE);
});
next();
});
app.use(express.static(path.resolve(__dirname, 'static')));
app.listen(app.get('port'), function() {
console.log('App started on port ' + app.get('port'));
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.