@mdp
Created October 13, 2015 17:23
Node.js CSP
// Allowed sources per CSP directive. Keyword sources such as 'self' must be
// quoted inside the header value, hence the escaped single quotes.
let sources = {
  'default-src': ['\'self\''],
  'script-src': ['\'self\'', 'https://*.myexternalcdn.com'],
  'frame-src': ['https://someexternalframesource.com'],
  'img-src': ['\'self\'', 'https:', 'data:'],
  'style-src': ['\'self\'', 'https:'],
  'font-src': ['\'self\'', 'https:'],
  'connect-src': ['\'self\''],
}

// Render each directive as "name source source;" so the pieces can be joined
// into a single header value.
let csp = Object.keys(sources).map(function(key){
  return `${key} ${sources[key].join(' ')};`
})

// Express-style middleware: set the header on every response, then hand off.
export default function cspMiddleware(req, res, next){
  res.setHeader('Content-Security-Policy', csp.join(' '))
  next()
}

// Usage: app.use(cspMiddleware)
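As an added example (not part of the gist), the same directive-map-to-header construction paired with a parser and a small audit that flags script sources weakening the policy; the function names buildCsp, parseCsp and auditCsp and the sample policies are this example's own.

```javascript
// Added example: build a CSP header from a directive map, parse it back, and
// flag weak script sources. Names and sample policies are constructed here.

// Build "directive src src; directive src" from { directive: [src, ...] }.
function buildCsp(sources) {
  return Object.keys(sources)
    .map((key) => `${key} ${sources[key].join(' ')}`)
    .join('; ');
}

// Parse a header value back into { directive: [src, ...] } for inspection.
function parseCsp(header) {
  const out = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    out[tokens[0]] = tokens.slice(1);
  }
  return out;
}

// Script sources that let any matching script run: inline/eval keywords,
// a bare wildcard, or a whole scheme instead of specific hosts.
const WEAK_SCRIPT_SOURCES = new Set([
  "'unsafe-inline'", "'unsafe-eval'", '*', 'https:', 'http:',
]);

// Return human-readable findings for the effective script policy
// (script-src, falling back to default-src as browsers do).
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  if (!policy['script-src'] && !policy['default-src']) {
    findings.push('no script-src or default-src: scripts unrestricted');
  }
  const scriptSrc = policy['script-src'] || policy['default-src'] || [];
  for (const src of scriptSrc) {
    if (WEAK_SCRIPT_SOURCES.has(src)) findings.push(`script-src allows ${src}`);
  }
  return findings;
}

// Constructed samples: a policy like the gist's beside a loosened one.
const strict = buildCsp({
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://*.myexternalcdn.com'],
});
const loose = buildCsp({
  'default-src': ["'self'"],
  'script-src': ["'self'", "'unsafe-inline'", 'https:'],
});
console.log(auditCsp(strict), auditCsp(loose));
```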