Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/val-istar-guo/koa-csp

Used to set response header: Content-Security-Policy

content-security-policy csp koa koa-csp koa2


README

KOA-CSP

[![version](https://img.shields.io/npm/v/koa-csp.svg?style=flat-square)](https://www.npmjs.com/package/koa-csp)
[![downloads](https://img.shields.io/npm/dm/koa-csp.svg?style=flat-square)](https://www.npmjs.com/package/koa-csp)
[![license](https://img.shields.io/npm/l/koa-csp.svg?style=flat-square)](https://www.npmjs.com/package/koa-csp)
[![dependencies](https://img.shields.io/librariesio/github/Val-istar-Guo/koa-csp.svg?style=flat-square)](https://www.npmjs.com/package/koa-csp)
[![coveralls](https://img.shields.io/coveralls/github/Val-istar-Guo/koa-csp.svg?style=flat-square)](https://coveralls.io/github/Val-istar-Guo/koa-csp)

This is a Koa 2 middleware that sets the `Content-Security-Policy` response header.

[What is CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)

## Usage

```javascript
import Koa from 'koa';
import csp from 'koa-csp';

const app = new Koa();
app.use(csp());

// This is equivalent to
app.use(csp({
  enableWarn: true,
  policy: { 'default-src': ['self'] },
}));

// And you can add more policy directives
app.use(csp({
  enableWarn: true,
  policy: {
    'img-src': ['self', 'img.example.com'],
    'script-src': ['script.example.com', '*.script.example.com'],
  },
}));

// Some keywords are automatically wrapped in single quotes
app.use(csp({
  policy: {
    'default-src': ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
    // you can also add the single quotes manually
    'img-src': ["'self'"],
  },
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'

// camelCase support
app.use(csp({
  policy: {
    defaultSrc: ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'example.com'],
    // you can also add the single quotes manually
    imgSrc: ["'self'"],
  },
}));
// OUTPUT: Content-Security-Policy: default-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' example.com; img-src 'self'
```
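The following is an added example, not code from koa-csp itself: it reimplements the header-building rules the usage section describes (camelCase to kebab-case directive names, automatic single-quoting of the `self`/`none`/`unsafe-inline`/`unsafe-eval` keywords, directives joined with `; `) and adds a small defender-side check that flags directives permitting inline scripts or `eval`, which is not a feature of the library. The `cspMiddleware` signature and the fake Koa context are assumptions made so the code runs without Koa installed.

```javascript
// Keywords the README says are auto-quoted (assumption: this is the full set)
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval']);

// defaultSrc -> default-src; names already in kebab-case pass through unchanged
function toDirectiveName(key) {
  return key.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
}

// Quote CSP keywords; leave hosts and already-quoted values as they are
function quoteSource(value) {
  if (value.startsWith("'")) return value;
  return KEYWORDS.has(value) ? `'${value}'` : value;
}

// Build the full header value from a policy object
function buildCsp(policy) {
  return Object.entries(policy)
    .map(([key, sources]) => `${toDirectiveName(key)} ${sources.map(quoteSource).join(' ')}`)
    .join('; ');
}

// Defensive check added here (not a library option): directives that allow
// inline script or eval largely defeat CSP's protection against injected script
function unsafeDirectives(policy) {
  return Object.entries(policy)
    .filter(([, sources]) => sources.some((s) => /^'?unsafe-(inline|eval)'?$/.test(s)))
    .map(([key]) => toDirectiveName(key));
}

// Minimal Koa-style middleware (assumed shape): sets the header, then calls next
function cspMiddleware(options = {}) {
  const header = buildCsp(options.policy || { defaultSrc: ['self'] });
  return function csp(ctx, next) {
    ctx.set('Content-Security-Policy', header);
    return next();
  };
}

// Constructed stand-in for a Koa context so the middleware can run offline;
// returns the headers the middleware set
function runWithFakeCtx(options) {
  const headers = {};
  const ctx = { set: (name, value) => { headers[name] = value; } };
  cspMiddleware(options)(ctx, () => {});
  return headers;
}
```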

## Contributing & Development

If anything is unclear, you are welcome to open an issue and discuss it.
Please read [Contributor Covenant Code of Conduct](.github/CODE_OF_CONDUCT.md) and [CONTRIBUTING](.github/CONTRIBUTING.md).