Content Security Policy not applying to html

Asked Jun 09 '23 at 07:33

Active Jun 09 '23 at 07:33

Viewed 25 times

I have set content security policy(CSP) in nodejs and it is getting applied to node. However, for the root html page CSP is not being applied. How can it be applied on html with the help of nodejs.

    app.use(function(req, res, next) {
    res.setHeader("Content-Security-Policy", "default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self'; connect-src 'self' ");
    return next();
});

asked Jun 09 '23 at 07:33

Mrunall Veer

Is the root HTML page served by this node server? – Salketer Jun 09 '23 at 07:48
Yes, index.html page – Mrunall Veer Jun 09 '23 at 07:56
If I check the the home page in security headers https://securityheaders.com/ - it says missing CSP headers – Mrunall Veer Jun 09 '23 at 07:58
And that use is before the static middleware in your sequence? Would you have a minimum reproduction ? – Salketer Jun 09 '23 at 08:00
Yes, before the static middleware I have set the CSP headers – Mrunall Veer Jun 09 '23 at 08:05

Content Security Policy not applying to html

0 Answers0