Naphthalene Possum Management

    @npmcorp/blankie

    1.3.0 • Public • Published

    blankie

    A CSP plugin for hapi.

    Usage

    This plugin depends on scooter to function.

    To use it:

    var Hapi = require('hapi');
    var Blankie = require('blankie');
    var Scooter = require('scooter');
     
    var server = new Hapi.Server();
     
    server.register([Scooter, {
        register: Blankie,
        options: {} // specify options here
    }], function (err) {
        
        if (err) {
            throw err;
        }
     
        server.start();
    });

    Options may also be set on a per-route basis:

    var Hapi = require('hapi');
    var Blankie = require('blankie');
    var Scooter = require('scooter');
     
    var server = new Hapi.Server();
     
    server.route({
        method: 'GET',
        path: '/something',
        config: {
            handler: function (request, reply) {
     
                reply('these settings are changed');
            },
            plugins: {
                blankie: {
                    scriptSrc: 'self'
                }
            }
        }
    });

    Note that this setting will NOT be merged with your server-wide settings.

    You may also set config.plugins.blankie equal to false on a route to disable CSP headers completely for that route.

    Options

    • childSrc: Values for child-src directive.
    • connectSrc: Values for the connect-src directive. Defaults 'self'.
    • defaultSrc: Values for the default-src directive. Defaults to 'none'.
    • fontSrc: Values for the font-src directive.
    • formAction: Values for the form-action directive.
    • frameAncestors: Values for the frame-ancestors directive.
    • frameSrc: Values for the frame-src directive.
    • imgSrc: Values for the image-src directive. Defaults to 'self'.
    • manifestSrc: Values for the manifest-src directive.
    • mediaSrc: Values for the media-src directive.
    • objectSrc: Values for the object-src directive.
    • oldSafari: Force enabling buggy CSP for Safari 5.
    • pluginTypes: Values for the plugin-types directive.
    • reflectedXss: Value for the reflected-xss directive. Must be one of 'allow', 'block' or 'filter'.
    • reportOnly: Append '-Report-Only' to the name of the CSP header to enable report only mode.
    • reportUri: Value for the report-uri directive. This should be the path to a route that accepts CSP violation reports.
    • sandbox: Values for the sandbox directive. May be a boolean or one of 'allow-forms', 'allow-same-origin', 'allow-scripts' or 'allow-top-navigation'.
    • scriptSrc: Values for the script-src directive. Defaults to 'self'.
    • styleSrc: Values for the style-src directive. Defaults to 'self'.

    Install

    npm i @npmcorp/blankie

    DownloadsWeekly Downloads

    5

    Version

    1.3.0

    License

    MIT

    Last publish

    Collaborators

    • kmkumaran
    • fauldsh
    • trevrosen
    • vipuljain
    • bhaveshbhati
    • devyani-chowdhury2
    • ben-1997
    • raashidanwar
    • ruslan-bikkinin
    • makhmudjon-inadullaev
    • isaacs
    • fritzy
    • npm
    • kirupakaranh
    • npmci
    • 20shivangi
    • akshayagh
    • nishantms
    • prabum3
    • ghostdevhv
    • s121pradhan
    • amit-avit
    • saquibkhan
    • nehsharmms
    • dhilipdkkumar
    • sandeepmeduru
    • singit
    • lisayu
    • neeldani
    • arjgupta
    • ashishonce
    • nlf
    • asranja
    • phanikm
    • andrialexandrou
    • thedave42
    • gar
    • darcyclarke
    • ruyadorno
    • mangwana
    • npm-sre-readonly
    • npm-sre-write
    • robdnpm
    • john7doe
    • soph2k
    • lumaxis
    • meijin007
    • sapieneptus
    • jacobe
    • gordey4doronin
    • hilli
    • christoflemke
    • maxxkrakoa
    • owenniblock
    • olefriis
    • ethomson
    • baj-
    • stoneman
    • radiantspace
    • smeirsha
    • jmoody
    • t-dekell
    • t-dedim
    • mylesborins
    • ndorfman
    • npm-qa
    • npm-qa-tfa1
    • npm-qa-tfa2
    • jar349
    • trevorsg
    • rzhade3
    • seryozha95
    • royetadmor
    • synse
    • fabyus
    • lukekarrys
    • levenleven
    • timaramazanov
    • anurbol