const express = require('express');
const helmet = require('helmet');
const path = require('path');
const { v4: uuidv4 } = require('uuid');
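// Small Express server used to exercise the CSP nonce mechanism: a fresh nonce
// is generated per request, advertised in the Content-Security-Policy header
// for script-src and style-src, and handed to the index.html template so
// inline <script>/<style> tags can carry the matching nonce attribute.
const { randomBytes } = require('crypto');

const app = express();
app.engine('html', require('ejs').renderFile);

// NOTE(review): these static mounts are registered before the nonce and CSP
// middleware below, so files served from them are sent without a
// Content-Security-Policy header. That is harmless for scripts and styles, but
// move the mounts below the CSP middleware if either directory can ever serve
// an HTML document.
app.use('/components/', express.static(path.join(__dirname, 'components')));
app.use('/proprietary/', express.static(path.join(__dirname, 'proprietary')));

/**
 * Builds the CSP source expression for the current request's nonce.
 *
 * @param {object} req - Express request (unused).
 * @param {object} res - Express response; reads res.locals.nonce.
 * @returns {string} Source expression of the form 'nonce-<value>', quotes included.
 */
function nonceSource(req, res) {
  return `'nonce-${res.locals.nonce}'`;
}

// Per-request nonce. The CSP specification asks for at least 128 bits from a
// cryptographically secure generator, base64-encoded; a v4 UUID carries only
// 122 random bits, so the value is drawn straight from crypto.randomBytes.
// A nonce must never be reused across responses or cached with the page.
app.use((req, res, next) => {
  res.locals.nonce = randomBytes(16).toString('base64');
  next();
});

// Only the CSP middleware of helmet is installed. Inline scripts and styles
// run only when they carry the nonce of the current response.
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'", nonceSource],
      styleSrc: ["'self'", nonceSource],
    },
  }),
);

// The nonce is passed explicitly so the template can emit nonce="<%= nonce %>".
app.get('/', (req, res) => {
  res.render(path.join(__dirname, 'index.html'), { nonce: res.locals.nonce });
});

// NOTE(review): no host argument is given, so Node listens on all interfaces;
// pass '127.0.0.1' as the second argument if this test server should only be
// reachable from the local machine.
app.listen(3000);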