Express Csp 这是一个 Express 扩展,它可以让你在 Express 应用上设置 content - security - policy。
示例代码:
var csp = require('express-csp');var app = express(); csp.extend(app, { policy: { directives: { 'default-src': ['self', 'https://*.foo.com'], 'script-src': ['*.apis.bar.com'] } }, reportPolicy: { useScriptNonce: true, useStyleNonce: true, directives: { 'default-src': ['self', 'https://*.foo.com'], 'script-src': ['*.apis.bar.com'], 'plugin-types': ['application/pdf'] } } });
