Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/meteorlxy/csp-helper

Helpers for creating Content Security Policy (CSP) header.
https://github.com/meteorlxy/csp-helper

content-security-policy csp nodejs

Last synced: 19 days ago
JSON representation

Helpers for creating Content Security Policy (CSP) header.

Host: GitHub
URL: https://github.com/meteorlxy/csp-helper
Owner: meteorlxy
License: mit
Created: 2024-09-24T00:55:20.000Z (about 2 months ago)
Default Branch: main
Last Pushed: 2024-10-16T06:24:37.000Z (28 days ago)
Last Synced: 2024-10-17T21:04:56.737Z (26 days ago)
Topics: content-security-policy, csp, nodejs
Language: TypeScript
Homepage:
Size: 325 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        # csp-helper

[![github check](https://github.com/meteorlxy/csp-helper/workflows/check/badge.svg)](https://github.com/meteorlxy/csp-helper/actions?query=workflow%3Acheck)

[![npm](https://badgen.net/npm/v/csp-helper)](https://www.npmjs.com/package/csp-helper)

[![coverage](https://coveralls.io/repos/github/meteorlxy/csp-helper/badge.svg?branch=main)](https://coveralls.io/github/meteorlxy/csp-helper?branch=main)

[![license](https://badgen.net/github/license/meteorlxy/csp-helper)](https://github.com/meteorlxy/csp-helper/blob/main/LICENSE)

Helpers for creating Content Security Policy (CSP) headers.

- Zero dependencies

- Build with TypeScript

- Merging multiple CSP configurations

- Providing preset CSP configurations for:

  - Datadog

  - Google Ads

  - Google Analytics 4

  - Google Identity

  - Google Tag Manager

  - Hotjar

  - Reddit

  - TikTok

  - Vimeo

  - X

  - Youtube

  - ... and more

## Installation

```bash

npm install csp-helper

```

## Usage

### `createCspHeader`

Create a CSP header string from a CSP configuration object.

```ts

import {

  CSP_PRESET_DATADOG_INTAKE_URLS,

  CSP_PRESET_DATADOG_WEB_WORKER,

  CSP_PRESET_GOOGLE_ANALYTICS_4,

  CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,

  CSP_PRESET_HOTJAR,

  createCspHeader,

} from 'csp-helper';

const cspHeader = createCspHeader(

  {

    'default-src': `'self'`,

    'script-src': `'self' https://example.com`,

    'style-src': `'self' https://example.com`,

  },

  {

    includeHeaderName: true,

    presets: [

      CSP_PRESET_DATADOG_INTAKE_URLS,

      CSP_PRESET_DATADOG_WEB_WORKER,

      CSP_PRESET_GOOGLE_ANALYTICS_4,

      CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,

      CSP_PRESET_HOTJAR,

    ],

  },

);

console.log(cspHeader);

```

### `mergeCspConfigs`

Merge multiple CSP configurations into one.

- Same values will be automatically deduplicated.

- Presets could also be used for merging.

```ts

import {

  CSP_PRESET_GOOGLE_ANALYTICS_4,

  CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,

  mergeCspConfigs,

} from 'csp-helper';

const cspConfig = mergeCspConfigs([

  {

    'default-src': `'self'`,

    'script-src': `'self' https://example.com`,

    'style-src': `'self' https://example.com`,

  },

  {

    'script-src': `'self' https://example.com https://example2.com`,

    'style-src': `'self' https://example.com https://example2.com`,

  },

  CSP_PRESET_GOOGLE_ANALYTICS_4,

  CSP_PRESET_GOOGLE_TAG_MANAGER_UNSAFE_INLINE,

]);

console.log(cspConfig);

```

## License

[MIT](https://github.com/meteorlxy/csp-helper/blob/main/LICENSE) © [meteorlxy](https://github.com/meteorlxy) & [Contributors](https://github.com/meteorlxy/csp-helper/graphs/contributors)