How to set nonce in helmet >4.0?


In version 3 I could set nonce from res.locals like this:

...
        scriptSrc: [
          (req, res) => `'nonce-${res.locals.nonce}'`,
          "'strict-dynamic'",
...

In 4.0 I get an error when providing a function for setting nonce:

Error: Content-Security-Policy received an invalid directive value for "script-src"

So the question is how to set nonce in helmet 4.0?

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

5 reactions
EvanHahn commented, Aug 6, 2020

@mercteil That’s exactly right. Here’s a wiki page describing how to do that in more detail.

@einfallstoll Good point. I’ve added it to the changelog in c01ad1e37c964df0108c37da4dd32af4630df95e.

This has made me realize that I need to create a migration guide. See #241 to track this.

I’m going to close this issue because I think this has been resolved, but if folks really want this feature, we can discuss adding it back.

1 reaction
XhmikosR commented, Aug 9, 2020

Agreed that this was pretty handy and simpler than the current solution. I haven’t updated to helmet 4.0.0 due to this issue, so if it’s not too much work, I’d like the ability to use functions back too 🙂
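One way to get a per-request nonce without function-valued directives, as an added example that is not from the issue thread or the helmet project: generate the nonce in a wrapper middleware and build the CSP middleware per request with plain strings. `perRequestCsp`, `stubCspFactory` and `simulateRequest` are hypothetical names; the stub is a constructed stand-in, and the wrapper assumes the factory passed in behaves like `helmet.contentSecurityPolicy` (takes `{ directives }`, returns an Express-style middleware).

```javascript
const crypto = require("crypto");

// cspFactory is assumed to behave like helmet.contentSecurityPolicy:
// it takes { directives } and returns a (req, res, next) middleware.
function perRequestCsp(cspFactory) {
  return function cspWithNonce(req, res, next) {
    // 128 bits from a CSPRNG, fresh for every response; a nonce is never reused.
    const nonce = crypto.randomBytes(16).toString("base64");
    res.locals.nonce = nonce; // templates emit <script nonce="..."> from this

    // The factory only ever sees plain strings, so nothing depends on
    // function-valued directives being accepted.
    const middleware = cspFactory({
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: [`'nonce-${nonce}'`, "'strict-dynamic'"],
      },
    });
    middleware(req, res, next);
  };
}

// Constructed stand-in for the real factory so the block runs without npm
// packages. It rejects non-string values, mirroring the error quoted above.
function stubCspFactory({ directives }) {
  const kebab = (name) => name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
  const parts = Object.entries(directives).map(([name, values]) => {
    if (values.some((v) => typeof v !== "string")) {
      throw new Error(
        `Content-Security-Policy received an invalid directive value for "${kebab(name)}"`
      );
    }
    return `${kebab(name)} ${values.join(" ")}`;
  });
  return (req, res, next) => {
    res.setHeader("Content-Security-Policy", parts.join("; "));
    next();
  };
}

// Drive one fake request through the wrapper and report what was set.
function simulateRequest(factory = stubCspFactory) {
  const headers = {};
  const res = { locals: {}, setHeader: (k, v) => { headers[k] = v; } };
  let nextCalled = false;
  perRequestCsp(factory)({}, res, () => { nextCalled = true; });
  return { nonce: res.locals.nonce, header: headers["Content-Security-Policy"], nextCalled };
}
```

In an Express app the wrapper would be mounted as `app.use(perRequestCsp(helmet.contentSecurityPolicy))`, under the assumption stated above.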
