// Cookie and session middleware are instantiated and mounted on obj.server.
// These assignments carry no const/let in this excerpt; the names are presumably
// declared in the enclosing scope (not visible here) — verify, otherwise they
// become implicit globals (or throw in strict mode).
fnCookie = cookie();
fnSession = session(sesh); // `sesh` is supplied by the enclosing scope (not shown)
// Every middleware mounted with use() is also passed to blacklist(). What
// blacklist() means is not visible in this excerpt — presumably it exempts the
// middleware from some later per-route handling; confirm against obj.server's API.
obj.server.use(fnSession).blacklist(fnSession);
obj.server.use(fnCookie).blacklist(fnCookie);
obj.server.use(middleware.bypass).blacklist(middleware.bypass);
// CSRF protection is opt-in: when config.security.csrf is falsy no CSRF
// middleware is mounted at all, so deployments should confirm this flag is set.
if (config.security.csrf) {
// lusca's CSRF middleware is built from the configured key and secret, yet the
// middleware actually mounted below is csrfWrapper (defined outside this excerpt).
// It presumably closes over luscaCsrf — confirm, otherwise this assignment is dead.
// config.security.secret is sensitive; keep it out of responses and logs.
luscaCsrf = lusca.csrf({key: config.security.key, secret: config.security.secret});
obj.server.use(csrfWrapper).blacklist(csrfWrapper);
}
}
// Header-hardening middleware is mounted only when the matching config value is
// present, so a missing value silently means "no protection" — compare the
// deployed config against the headers actually observed on responses.
// NOTE(review): `instanceof Object` is false for null-prototype objects
// (Object.create(null)) and for objects from another realm; use a typeof/null
// check if such config objects are possible.
if (config.security.csp instanceof Object) {
luscaCsp = lusca.csp(config.security.csp); // config object is handed to lusca unchanged
obj.server.use(luscaCsp).blacklist(luscaCsp);
}
// X-Frame-Options (clickjacking defense) is only sent when a non-empty value is
// configured; `|| ""` turns an undefined setting into the empty string for isEmpty().
if (!isEmpty(config.security.xframe || "")) {
luscaXframe = lusca.xframe(config.security.xframe);
obj.server.use(luscaXframe).blacklist(luscaXframe);
}
// P3P header follows the same opt-in pattern.
if (!isEmpty(config.security.p3p || "")) {
luscaP3p = lusca.p3p(config.security.p3p);
obj.server.use(luscaP3p).blacklist(luscaP3p);
}
if (config.security.hsts instanceof Object) {
luscaHsts = lusca.hsts(config.security.hsts);
obj.server.use(luscaHsts).blacklist(luscaHsts);
// Build the cookie and session middleware and register both on obj.server.
// No const/let here: fnCookie and fnSesh are presumably declared further up in
// the enclosing function (outside this excerpt) — verify.
fnCookie = cookie();
fnSesh = session(sesh); // `sesh` comes from the enclosing scope (not shown)
// Each use() is paired with blacklist() on the same middleware; the semantics of
// blacklist() are not visible here — presumably an exemption list, confirm.
obj.server.use(fnSesh).blacklist(fnSesh);
obj.server.use(fnCookie).blacklist(fnCookie);
obj.server.use(bypass).blacklist(bypass); // `bypass` is defined outside this excerpt
// CSRF middleware is only mounted when config.security.csrf is truthy; with the
// flag unset the server runs without CSRF protection.
if (config.security.csrf) {
// luscaCsrf is created from the configured key/secret but the mounted middleware
// is csrfWrapper (not shown); it presumably wraps luscaCsrf — confirm.
// The secret should never be echoed to clients or written to logs.
luscaCsrf = lusca.csrf({key: config.security.key, secret: config.security.secret});
obj.server.use(csrfWrapper).blacklist(csrfWrapper);
}
}
// Optional response-header protections: each is mounted only when configured.
// An absent setting therefore disables that header rather than applying a
// default, so the effective configuration should be checked on deployment.
// NOTE(review): `instanceof Object` rejects null-prototype and cross-realm
// objects; consider `typeof x === 'object' && x !== null` if those can occur.
if (config.security.csp instanceof Object) {
luscaCsp = lusca.csp(config.security.csp); // policy object passed straight to lusca
obj.server.use(luscaCsp).blacklist(luscaCsp);
}
// X-Frame-Options is sent only for a non-empty configured value;
// `|| ""` normalises undefined before string.isEmpty() sees it.
if (!string.isEmpty(config.security.xframe || "")) {
luscaXframe = lusca.xframe(config.security.xframe);
obj.server.use(luscaXframe).blacklist(luscaXframe);
}
// P3P header, same opt-in handling.
if (!string.isEmpty(config.security.p3p || "")) {
luscaP3p = lusca.p3p(config.security.p3p);
obj.server.use(luscaP3p).blacklist(luscaP3p);
}
if (config.security.hsts instanceof Object) {
luscaHsts = lusca.hsts(config.security.hsts);
obj.server.use(luscaHsts).blacklist(luscaHsts);
fn(null, html);
} catch (err) {
fn(err);
}
});
})
.set('views', __dirname + '/markdown')
.set('view engine', 'md')
.use(session(config.get('session')))
.use(function (req, res, next) {
res.set('X-CSRF', config.get('session').secret);
return next();
})
.disable('x-powered-by') /** Do not advertise Express **/
.use(lusca.csrf()) /** Cross Site Request Forgery **/
.use(lusca.csp({policy: config.csp})) /** Content Security Policy **/
.use(lusca.xframe('SAMEORIGIN')) /** Helps prevent Clickjacking **/
.use(lusca.hsts({ maxAge: 31536000 }))
.use(lusca.xssProtection(true))
.use(helmet.noSniff())
.use(helmet.ieNoOpen())
.use(helmet.publicKeyPins({
maxAge: NINETY_DAYS_IN_MILLISECONDS,
sha256s: ['base64==', 'base64=='], /** Needs to be changed **/
includeSubdomains: true
}))
.use(compress()) /** Use gzip compression **/
.use(express.static(__dirname)); /** Serve static files **/
app.get('/', function(req, res) {
if (res.get('X-CSRF') === config.get('session').secret) {
res.redirect('/client');
} else {
// Cookie and session middleware are created and registered via obj.always().
// The assignments are undeclared in this excerpt; fnCookie/fnSession are
// presumably declared in the enclosing scope (not visible) — verify.
fnCookie = cookie();
fnSession = session(sesh); // `sesh` is provided by the enclosing scope (not shown)
// always() registers the middleware and blacklist() is called on the same
// instance; what blacklist() excludes it from is not visible here — confirm.
obj.always(fnSession).blacklist(fnSession);
obj.always(fnCookie).blacklist(fnCookie);
obj.always(middleware.bypass).blacklist(middleware.bypass);
// CSRF protection is gated on config.security.csrf; when falsy nothing is mounted.
if (config.security.csrf) {
// The lusca CSRF middleware is built from the configured key and secret, but
// csrfWrapper (defined outside this excerpt) is what gets registered; it
// presumably delegates to luscaCsrf — confirm. Treat the secret as sensitive.
luscaCsrf = lusca.csrf({key: config.security.key, secret: config.security.secret});
obj.always(csrfWrapper).blacklist(csrfWrapper);
}
}
// Conditionally mounted security headers: each block runs only when its config
// value is set, so an unset value leaves that header off entirely.
// NOTE(review): `instanceof Object` is false for Object.create(null) results and
// objects from another realm; a typeof/null check is more permissive.
if (config.security.csp instanceof Object) {
luscaCsp = lusca.csp(config.security.csp); // config object forwarded to lusca as-is
obj.always(luscaCsp).blacklist(luscaCsp);
}
// X-Frame-Options (clickjacking defense) only when a non-empty value is configured;
// `|| ""` maps an undefined setting to the empty string before isEmpty().
if (isEmpty(config.security.xframe || "") === false) {
luscaXframe = lusca.xframe(config.security.xframe);
obj.always(luscaXframe).blacklist(luscaXframe);
}
// P3P header, same opt-in pattern.
if (isEmpty(config.security.p3p || "") === false) {
luscaP3p = lusca.p3p(config.security.p3p);
obj.always(luscaP3p).blacklist(luscaP3p);
}
if (config.security.hsts instanceof Object) {
luscaHsts = lusca.hsts(config.security.hsts);
obj.always(luscaHsts).blacklist(luscaHsts);