@forter/forter-csp

v1.31.949

Published

2 days ago

Forter Content Security Policy domain definitions and formatting utilities

0High
0Medium
0Low

forter-npm

lirown

oweingart

csp content-security-policy forter security

@forter/forter-csp

Official Forter Content Security Policy (CSP) domain definitions and formatting utilities.

Installation

npm install @forter/forter-csp

Usage

Get CSP Policies Object

import { getCspPolicies, getProdCspPolicies, getDevCspPolicies } from '@forter/forter-csp';

// Get policies for specific environment
const prodPolicies = getCspPolicies(true);   // Production
const devPolicies = getCspPolicies(false);   // Development

// Or use direct methods
const prodPolicies = getProdCspPolicies();
const devPolicies = getDevCspPolicies();

// Result structure:
// {
//   'connect-src': ['https://*.forter.com', 'wss://cdn0.forter.com', ...],
//   'script-src': ['https://*.forter.com', ...],
//   'worker-src': ['blob:']
// }

Format CSP as String

import { formatCspPolicies, getCspPolicies } from '@forter/forter-csp';

const policies = getCspPolicies(true);
const cspString = formatCspPolicies(policies);

// Result (newline-separated):
// connect-src https://*.forter.com wss://cdn0.forter.com ...
// script-src https://*.forter.com ...
// worker-src blob:

Format CSP as Header

import { formatCspHeader, getCspPolicies } from '@forter/forter-csp';

const policies = getCspPolicies(true);
const headerValue = formatCspHeader(policies);

// Result (semicolon-separated for HTTP header):
// connect-src https://*.forter.com ...; script-src https://*.forter.com ...; worker-src blob:

API Reference

Functions

`getCspPolicies(isProd: boolean): CspPolicies`

Returns CSP policies for the specified environment.

`getProdCspPolicies(): CspPolicies`

Returns production CSP policies.

`getDevCspPolicies(): CspPolicies`

Returns development CSP policies.

`formatCspPolicies(policies: CspPolicies): string`

Formats policies as newline-separated string (snippet file format).

`formatCspHeader(policies: CspPolicies): string`

Formats policies as semicolon-separated string (HTTP header format).

`getFormattedCsp(isProd: boolean): string`

Convenience method returning formatted CSP string for environment.

Types

type CspDirective = 'connect-src' | 'script-src' | 'worker-src';

interface CspPolicies {
  'connect-src': string[];
  'script-src': string[];
  'worker-src': string[];
}

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

@forter/forter-csp

Installation

Usage

Get CSP Policies Object

Format CSP as String

Format CSP as Header

API Reference

Functions

getCspPolicies(isProd: boolean): CspPolicies

getProdCspPolicies(): CspPolicies

getDevCspPolicies(): CspPolicies

formatCspPolicies(policies: CspPolicies): string

formatCspHeader(policies: CspPolicies): string

getFormattedCsp(isProd: boolean): string

Types

`getCspPolicies(isProd: boolean): CspPolicies`

`getProdCspPolicies(): CspPolicies`

`getDevCspPolicies(): CspPolicies`

`formatCspPolicies(policies: CspPolicies): string`

`formatCspHeader(policies: CspPolicies): string`

`getFormattedCsp(isProd: boolean): string`