I want to set some custom options for one of the helmet.js middlewares but I don’t understand if by doing so the other middlewares are enabled or I have to enable them explicitly ? From helmet.js docs: Should I add app.use(helmet()) before the above code ? Answer app.use(helmet()) includes all of Helmet’s default middlewares with their default options. app.use(helmet.contentSecurityPolicy()) only
Tag: helmet.js
Helmet Content Security Policy Global Path not working
I am using Helmet to set up the content security policies of my web app in the backend using Express. The policies look like the following: When my app tries to access a link such as https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/bootstrap.min.css. It says that it violates the styleSrc policy. But I have specified as one of the policies that https://maxcdn.bootstrapcdn.com/bootstrap is allowed, I thought