Expanded config for more options

2025-04-15 14:19:01 -06:00 · 2025-04-15 14:19:01 -06:00 · 4b35c9fe09
commit 4b35c9fe09
parent affb9f5a0d
3 changed files with 30 additions and 30 deletions
--- a/csp-policy.yml
+++ b/csp-policy.yml
@ -5,6 +5,10 @@
 #      script-src 'self' example.com;object-src 'none';
 #      upgrade-insecure-requests"
 # Note: embedded single quotes are required
+xFrameOptions: SAMEORIGIN
+contentSecurityPolicy:
+  useDefaults: false
+  directives:
    default-src: [ "'self'" ]
    base-uri: [ "'self'" ]
    font-src:
--- a/index.cjs
+++ b/index.cjs
@ -7,11 +7,5 @@ module.exports = (path) => {
  const csppolicy = fs.readFileSync(path, 'utf8')
  const csp = YAML.parse(csppolicy)

-  return helmet({
-    contentSecurityPolicy: {
-      useDefaults: false,
-      directives: csp,
-    },
-    xFrameOptions: 'SAMEORIGIN',
-  })
+  return helmet(csp)
 }
--- a/test/index.test.js
+++ b/test/index.test.js
@ -19,6 +19,8 @@ describe('Rapid configurable Content Security Policy middleware', () => {
    fs.writeFileSync(
      customPolicyPath,
      `
+contentSecurityPolicy:
+  directives:
    default-src: ["'self'"]
    script-src: ["'self'", "https://cdn.example.com"]
    `,