@mcansh/http-helmet
v0.12.0
Published
easily add CSP and other security headers to your web application.
Downloads
5,026
Readme
HTTP Helmet
easily add CSP and other security headers to your web application.
Install
# npm
npm i @mcansh/http-helmet
Usage
basic example using @mjackson/node-fetch-server
import * as http from "node:http";
import { createRequestListener } from "@mjackson/node-fetch-server";
import { createNonce, createSecureHeaders } from "@mcansh/http-helmet";
let html = String.raw;
let handler = (request) => {
let nonce = createNonce();
let headers = createSecureHeaders({
"Content-Security-Policy": {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", `'nonce-${nonce}'`],
},
});
headers.append("content-type", "text/html");
return new Response(
html`
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1.0"
/>
<title>Hello World</title>
</head>
<body>
<h1>Hello World</h1>
<script nonce="${nonce}">
console.log("nonce configured");
</script>
<script>
alert("nonce not configured");
</script>
</body>
</html>
`,
{ headers },
);
};
let server = http.createServer(createRequestListener(handler));
server.listen(3000);
console.log("✅ app ready: http://localhost:3000");