tessl/npm-koa-helmet

Security header middleware collection for Koa applications that wraps Helmet.js

task.md (evals/scenario-9/)

Content Security Policy Middleware

Build a Koa middleware that configures Content Security Policy (CSP) headers for a web application serving both static content and dynamic API responses.

Requirements

Your middleware should:

  1. Set up a CSP that allows scripts only from the same origin and a trusted CDN at https://cdn.example.com
  2. Allow images from any source
  3. Allow styles from the same origin and inline styles
  4. Block all object embeds (Flash, etc.)
  5. Allow connections (fetch, XHR, WebSocket) to the same origin and an API at https://api.example.com
  6. Set default source to 'self' only

Implementation

@generates

API

/**
 * Creates a Koa middleware that sets Content Security Policy headers.
 *
 * @returns {Function} Koa middleware function
 */
function createCSPMiddleware() {
  // IMPLEMENTATION HERE
}

module.exports = { createCSPMiddleware };

Test Cases

  • The middleware sets a Content-Security-Policy header @test
  • The CSP allows scripts from same origin and cdn.example.com @test
  • The CSP allows images from any source @test
  • The CSP blocks object embeds @test
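The six requirements expressed as a directive map, with a header parser and an audit that flags any directive that drifts from it. This is an added example, not part of the original task and not koa-helmet's code. It sets the header by hand so it runs without dependencies, and `DIRECTIVES`, `serializeCsp`, `parseCsp`, `auditCsp` and `cspMiddleware` are hypothetical names.

```javascript
// Added example. Directive values follow the six requirements on this page.
const DIRECTIVES = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.example.com'],
  'img-src': ['*'], // '*' does not cover data: or blob: URLs
  'style-src': ["'self'", "'unsafe-inline'"],
  'object-src': ["'none'"],
  'connect-src': ["'self'", 'https://api.example.com'],
};

// Serialize a directive map into a Content-Security-Policy header value.
function serializeCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => [name, ...sources].join(' '))
    .join('; ');
}

// Parse a header value; as in browsers, a repeated directive is ignored.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// Return the names of directives that differ from the required policy.
// Exact-set comparison, so an extra source such as 'unsafe-inline' in
// script-src is reported as well as a missing one.
function auditCsp(header, required = DIRECTIVES) {
  const policy = parseCsp(header);
  return Object.entries(required)
    .filter(([name, want]) => {
      const got = policy.get(name) || [];
      return got.length !== want.length || !want.every((s) => got.includes(s));
    })
    .map(([name]) => name);
}

// Hypothetical stand-in with the Koa (ctx, next) middleware signature.
function cspMiddleware() {
  const value = serializeCsp(DIRECTIVES);
  return async (ctx, next) => {
    ctx.set('Content-Security-Policy', value);
    await next();
  };
}
```

`auditCsp` can be pointed at the header produced by the real koa-helmet middleware in a test to confirm it matches the requirements.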

Dependencies { .dependencies }

koa-helmet { .dependency }

Provides security header middleware for Koa applications, including Content Security Policy configuration.

@satisfied-by

Install with Tessl CLI

npx tessl i tessl/npm-koa-helmet
