← Каталог
Безопасность приложений — JavaScript / Node.js
Фрагмент из «Безопасность приложений»: JavaScript / Node.js.
const helmet = require('helmet');
const express = require('express');
const app = express();
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "https://cdn.trusted.com"],
styleSrc: ["'self'", "'unsafe-inline'"]
}
},
hsts: { maxAge: 31536000, includeSubDomains: true }
}));const helmet = require('helmet');
const express = require('express');
const app = express();
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "https://cdn.trusted.com"],
styleSrc: ["'self'", "'unsafe-inline'"]
}
},
hsts: { maxAge: 31536000, includeSubDomains: true }
}));