add csp headers

itmr-dev · Feb 19, 2024 · 681bf55 · 681bf55
1 parent 67ec38c
commit 681bf55
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "blaze",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "description": "blazing fast ci/cd. small rest api service to receive ghcr event hooks to update services running in a dockerized portainer instance",
   "main": "index.js",
   "scripts": {
@@ -31,6 +31,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.4.3",
     "express": "^4.18.2",
+    "express-csp-header": "^5.2.1",
     "serve-favicon": "^2.5.0",
     "yaml": "^2.3.4"
   }

diff --git a/src/index.ts b/src/index.ts
@@ -9,6 +9,7 @@ import https from 'https';
 import type { Application, Request, Response } from 'express';
 import favicon from 'serve-favicon';
 import path from 'path';
+import { expressCspHeader, NONE, SELF } from 'express-csp-header';
 
 dotenv.config();
 
@@ -37,6 +38,14 @@ app.use((_req: Request, res: Response, next: () => void): void => {
   res.setHeader('X-Powered-By', 'Blaze');
   next();
 });
+app.use(
+  expressCspHeader({
+    directives: {
+      'default-src': [NONE],
+      'img-src': [SELF],
+    },
+  }),
+);
 app.use(favicon(path.join(__dirname, '..', 'assets', 'favicon.ico')));
 
 let hookCount: number = 0;

diff --git a/yarn.lock b/yarn.lock
@@ -667,6 +667,11 @@ cross-spawn@^7.0.2:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
+csp-header@^5.2.1:
+  version "5.2.1"
+  resolved "https://registry.yarnpkg.com/csp-header/-/csp-header-5.2.1.tgz#4152b83af88febc7737640ce11e266d59f353d23"
+  integrity sha512-qOJNu39JZkPrbrAM40a1tQCePEPYVIoI6nMDhX4RA07QjU8efS+zyd/zE83XJu85KKazH9NjKlvvlswFMteMgg==
+
 debug@2.6.9:
   version "2.6.9"
   resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
@@ -1015,6 +1020,14 @@ etag@~1.8.1:
   resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887"
   integrity sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==
 
+express-csp-header@^5.2.1:
+  version "5.2.1"
+  resolved "https://registry.yarnpkg.com/express-csp-header/-/express-csp-header-5.2.1.tgz#015361becc72013c439e9366ca48cbec609891d4"
+  integrity sha512-HvVCUa3GwqH9m4rG0y+s6bHENNxtPzLccM1bSmZNiMIWwMc38Q2Gkz6byiDkrqmnqaCJ9+9cc/p2Pd4QqOmx9Q==
+  dependencies:
+    csp-header "^5.2.1"
+    psl "1.8.0"
+
 express@^4.18.2:
   version "4.18.2"
   resolved "https://registry.yarnpkg.com/express/-/express-4.18.2.tgz#3fabe08296e930c796c19e3c516979386ba9fd59"
@@ -1892,6 +1905,11 @@ proxy-from-env@^1.1.0:
   resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
   integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==
 
+psl@1.8.0:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
+  integrity sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==
+
 pstree.remy@^1.1.8:
   version "1.1.8"
   resolved "https://registry.yarnpkg.com/pstree.remy/-/pstree.remy-1.1.8.tgz#c242224f4a67c21f686839bbdb4ac282b8373d3a"