koa-csp
v1.2.6
Published
Used to set respose header: Content-Security-Policy
Downloads
2,297
Maintainers
Readme
This is a koa2 middleware used to set response header Content-Security-Policy
.
Usage
import Koa from 'koa';
import csp from 'koa-csp';
const app = new Koa();
app.use(csp());
// It is equivalent to
app.use(csp({
enableWarn: true,
policy: { 'default-src': ['self'] },
}));
// Add you can add more policy
app.use(csp({
enableWarn: true,
policy: {
'img-src': ['self', 'img.example.com'],
'script-src': ['script.example.com', '*.script.example.com'],
},
}));
// some key words will be auto add single quotes
app.use(csp({
policy: {
'default-src': ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
// you can alse add single quotes manually
'img-src': ["'self'"],
},
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'
// CamelCase Support
app.use(csp({
policy: {
defaultSrc: ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
// you can alse add single quotes manually
imgSrc: ["'self'"],
},
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'
Contributing & Development
If there is any doubt, it is very welcome to discuss the issue together. Please read Contributor Covenant Code of Conduct and CONTRIBUTING.