{"id":13464801,"url":"https://github.com/nlf/blankie","last_synced_at":"2025-05-05T03:43:21.660Z","repository":{"id":18631733,"uuid":"21837885","full_name":"nlf/blankie","owner":"nlf","description":"a hapi CSP plugin","archived":false,"fork":false,"pushed_at":"2023-05-22T21:11:40.000Z","size":363,"stargazers_count":52,"open_issues_count":16,"forks_count":16,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-05T03:42:50.785Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nlf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2014-07-14T22:25:50.000Z","updated_at":"2024-02-20T22:18:13.000Z","dependencies_parsed_at":"2022-09-24T14:52:06.677Z","dependency_job_id":"38b9e501-26f6-47a3-96bc-25d687f6ecc2","html_url":"https://github.com/nlf/blankie","commit_stats":{"total_commits":70,"total_committers":9,"mean_commits":7.777777777777778,"dds":"0.30000000000000004","last_synced_commit":"9d2fd7f52001c0207636d0dc5bb4a2e33395af3b"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlf%2Fblankie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlf%2Fblankie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlf%2Fblankie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlf%2Fblankie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nlf","download_url":"https://codeload.github.com/nlf/blankie/tar.g
z/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252436240,"owners_count":21747467,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T14:00:50.592Z","updated_at":"2025-05-05T03:43:21.643Z","avatar_url":"https://github.com/nlf.png","language":"JavaScript","readme":"## blankie\n\nA CSP plugin for [hapi](https://github.com/hapijs/hapi).\n\n### Usage\n\nThis plugin depends on [scooter](https://github.com/hapijs/scooter) to function.\n\nTo use it:\n\n```javascript\n'use strict';\n\nconst Hapi = require('@hapi/hapi');\nconst Blankie = require('blankie');\nconst Scooter = require('@hapi/scooter');\n\nconst internals = {};\n\nconst server = Hapi.server();\n\ninternals.init = async () =\u003e {\n\n    await server.register([Scooter, {\n        plugin: Blankie,\n        options: {} // specify options here\n    }]);\n\n    await server.start();\n};\n\ninternals.init().catch((err) =\u003e {\n\n    throw err;\n});\n```\n\nOptions may also be set on a per-route basis:\n\n```javascript\n'use strict';\n\nconst Hapi = require('@hapi/hapi');\nconst Blankie = require('blankie');\nconst Scooter = require('@hapi/scooter');\n\nconst server = Hapi.server();\n\nserver.route({\n    method: 'GET',\n    path: '/something',\n    config: {\n        handler: (request, h) =\u003e {\n\n            return 'these settings are changed';\n        },\n        plugins: {\n            blankie: {\n                scriptSrc: 'self'\n            }\n        }\n    }\n});\n```\n\nNote that this setting will *NOT* be merged with your 
server-wide settings.\n\nYou may also set `config.plugins.blankie` equal to `false` on a route to disable CSP headers completely for that route.\n\n### Options\n\n* `baseUri`: Values for the `base-uri` directive. Defaults to `'self'`.\n* `childSrc`: Values for the `child-src` directive.\n* `connectSrc`: Values for the `connect-src` directive. Defaults to `'self'`.\n* `defaultSrc`: Values for the `default-src` directive. Defaults to `'none'`.\n* `fontSrc`: Values for the `font-src` directive.\n* `formAction`: Values for the `form-action` directive.\n* `frameAncestors`: Values for the `frame-ancestors` directive.\n* `frameSrc`: Values for the `frame-src` directive.\n* `imgSrc`: Values for the `img-src` directive. Defaults to `'self'`.\n* `manifestSrc`: Values for the `manifest-src` directive.\n* `mediaSrc`: Values for the `media-src` directive.\n* `objectSrc`: Values for the `object-src` directive.\n* `oldSafari`: Force enabling buggy CSP for Safari 5.\n* `pluginTypes`: Values for the `plugin-types` directive.\n* `reflectedXss`: Value for the `reflected-xss` directive. Must be one of `'allow'`, `'block'` or `'filter'`.\n* `reportOnly`: Append '-Report-Only' to the name of the CSP header to enable report-only mode.\n* `reportUri`: Value for the `report-uri` directive. This should be the path to a route that accepts CSP violation reports.\n* `requireSriFor`: Value for the `require-sri-for` directive.\n* `sandbox`: Values for the `sandbox` directive. May be a boolean or one of `'allow-forms'`, `'allow-same-origin'`, `'allow-scripts'` or `'allow-top-navigation'`.\n* `scriptSrc`: Values for the `script-src` directive. Defaults to `'self'`.\n* `styleSrc`: Values for the `style-src` directive. Defaults to `'self'`.\n* `workerSrc`: Values for the `worker-src` directive. Defaults to `'self'`.\n* `generateNonces`: Whether or not to automatically generate nonces. Defaults to `true`. May be a boolean or one of `'script'` or `'style'`. 
When enabled, your templates rendered through [vision](https://github.com/hapijs/vision) will have `script-nonce` and/or `style-nonce` automatically added to their context. Additionally, `request.plugins.blankie.nonces` will contain one or both of the `'script'` and `'style'` properties containing these values for use outside of vision.\n","funding_links":[],"categories":["JavaScript","Web Framework Hardening"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnlf%2Fblankie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnlf%2Fblankie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnlf%2Fblankie/lists"}