Sapper with content security enabled for script tags
// @ts-nocheck
// TODO: remove once there are typings in place
import './css/tailwind.css';
import * as sapper from '@sapper/server';
import compression from 'compression';
import express from 'express';
import helmet from "helmet";
import sirv from 'sirv';
import uuidv4 from 'uuid/v4';
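const { PORT, NODE_ENV } = process.env;
const dev = NODE_ENV === 'development';

const app = express();

// Static files are served by this process only in development.
if (dev) {
  app.use(sirv('static', { dev }));
}

/**
 * Gives each response its own nonce before any header or markup is produced.
 * The value must be fresh per response: a reused or predictable nonce lets
 * injected markup satisfy the policy.
 */
const assignNonce = (request, response, next) => {
  response.locals.nonce = uuidv4();
  next();
};

/**
 * Content-Security-Policy (plus helmet's default headers). Scripts are allowed
 * from the same origin, or inline when they carry this response's nonce.
 */
const securityHeaders = helmet({
  contentSecurityPolicy: {
    directives: {
      scriptSrc: [
        "'self'",
        (request, response) => `'nonce-${response.locals.nonce}'`,
      ],
    },
    // NOTE(review): in helmet 3.x this turns off User-Agent sniffing so every
    // client gets the same header; confirm against the installed helmet version.
    browserSniff: false,
  },
});

/**
 * Fallback response, reached only when Sapper passes the request on.
 * It emits an empty script tag carrying the response nonce.
 */
const nonceFallback = (request, response) => {
  response.end(`<script nonce="${response.locals.nonce}"></script>`);
};

// Order matters: Express runs these left to right and a handler that answers
// the request stops the chain.
//  - compression has to wrap the response before anything writes to it;
//    registered last it never ran.
//  - the nonce and the CSP header have to be in place before Sapper renders;
//    with helmet registered after sapper.middleware(), pages answered by
//    Sapper went out without the Content-Security-Policy header.
//  - Sapper is expected to read response.locals.nonce and stamp it on its own
//    inline scripts (confirm for the Sapper version in use).
app.use(
  compression({ threshold: 0 }),
  assignNonce,
  securityHeaders,
  sapper.middleware(),
  nonceFallback,
);

// The app is exported for an external host; it listens itself only in development.
if (dev) {
  app.listen(PORT, (err) => {
    if (err) console.log('error', err);
  });
}

export { app };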