Node.js CSP example (Express)
// Minimal Express app used as a Content-Security-Policy test bed. helmet is
// loaded but, in this file, only referenced from commented-out code; the CSP
// header is set (or deliberately not set) by the hand-written middleware.
const PORT = 3000;
const express = require('express');
const helmet = require('helmet');
const app = express();
// Option A: let Helmet emit the CSP header. Kept commented so the exact header
// text stays visible in the hand-written middleware below.
// app.use(helmet());
// app.use(helmet.contentSecurityPolicy({
//   directives: {
//     defaultSrc: ["'self'"], // only allow content from the current origin
//     // scriptSrc: ["'unsafe-inline'", "'unsafe-eval'"].join(' ')
//     // scriptSrc: ["'unsafe-inline'"]
//     // scriptSrc: ["'unsafe-eval'"]
//     // scriptSrc: ["'self'"], // only allow scripts from the current origin
//   },
// }));

// Option B: set the header by hand. Uncomment at most one setHeader line; with
// all of them commented this middleware is a pass-through and NO CSP is sent,
// which is the "no policy" baseline for the experiment.
app.use((req, res, next) => {
  // Strict: same-origin everything, no framing, no plugins, upgrade http: subresources.
  // res.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests;");
  // Same policy, but 'unsafe-inline' re-admits inline scripts — an injected
  // inline <script> in the response body can then run despite the CSP.
  // res.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests;");
  // Script-only policy with inline allowed; everything else is unrestricted.
  // res.setHeader("Content-Security-Policy", "script-src 'unsafe-inline'");
  next();
});
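// Parse application/x-www-form-urlencoded bodies. extended: true selects the
// qs parser, so bracket syntax (inputField[a]=b) produces nested objects or
// arrays — inputField is not guaranteed to arrive as a string.
app.use(express.urlencoded({ extended: true }));

// Injection sink for the CSP experiment: the submitted inputField value is
// echoed into the page WITHOUT HTML encoding, on purpose, so the effect of
// each policy on an injected <script> or event-handler attribute can be
// observed. In real code the primary control is output encoding of
// ${inputText} (CSP is defence in depth, not a substitute).
// Serves every method on "/": a GET renders the empty form, a POST echoes.
app.all('/', (req, res) => {
  // Guard the body access: depending on the body-parser version, req.body is
  // undefined (rather than {}) when no body was parsed, which would make a
  // plain GET throw a TypeError here.
  const inputText = req.body?.inputField ?? "";
  res.send(`
<form action="/" method="POST">
<label for="inputField">Enter Text:</label>
<input type="text" id="inputField" name="inputField">
<input type="submit" value="Submit">
</form>
<div id="htmlOutput">${inputText}</div>
`);
});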
// Bind the server; the log line is the URL to open for the experiment.
app.listen(PORT, function onListening() {
  console.log(`Server is running on http://localhost:${PORT}`);
});