ajinabraham.njsscan.good.good_helmet_checks.helmet_header_check_csp

profile photo of ajinabrahamajinabraham
Author
unknown
Download Count*
GPLv3
License

Content Security Policy header is present. More Information: https://helmetjs.github.io/docs/csp/

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: helmet_header_check_csp
    message: "Content Security Policy header is present. More Information:
      https://helmetjs.github.io/docs/csp/"
    languages:
      - javascript
    severity: INFO
    patterns:
      - pattern-not: |
          $HELMET(..., {contentSecurityPolicy: false}, ...)
      - pattern-either:
          - pattern: |
              helmet({contentSecurityPolicy: {directives: ...}})
          - pattern: |
              helmet.contentSecurityPolicy({directives: ...})
          - pattern: |
              csp({directives: ...})
    metadata:
      license: LGPL-3.0-or-later