contrib.nodejsscan.good_helmet_checks.helmet_header_check_csp

Author
99
Download Count*
License
Content Security Policy header is present. More Information: https://helmetjs.github.io/docs/csp/
Run Locally
Run in CI
Defintion
rules:
- id: helmet_header_check_csp
message: "Content Security Policy header is present. More Information:
https://helmetjs.github.io/docs/csp/"
languages:
- javascript
severity: WARNING
patterns:
- pattern-not: |
$HELMET(..., {contentSecurityPolicy: false}, ...)
- pattern-either:
- pattern: |
helmet({contentSecurityPolicy: {directives: ...}})
- pattern: |
helmet.contentSecurityPolicy({directives: ...})
- pattern: |
csp({directives: ...})
metadata:
category: security
technology:
- node.js
- express
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Short Link: https://sg.run/5QwK