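import * as express from 'express';
import { randomBytes } from 'crypto';

// Minimal express server that serves a static SPA under a nonce-based CSP.
// A fresh nonce is minted for every response (a CSP nonce must be
// unpredictable and unique per response; a value generated once at startup
// and reused for the process lifetime is effectively static and no longer
// protects against injected inline scripts). The same value is written into
// the Content-Security-Policy header and handed to the view so inline
// <script>/<style> tags can carry a matching nonce attribute.
const app = express();
const port = 3333;
const appFolder = 'www';

/**
 * Generates a CSP nonce: 16 random bytes, base64-encoded.
 * @returns a nonce string suitable for a `'nonce-…'` CSP source expression.
 */
function generateNonce(): string {
  return randomBytes(16).toString('base64');
}

// Set the view templating engine
app.engine('html', require('ejs').renderFile);
// Change the default "views" directory so express can find our HTML
app.set('views', appFolder);

// Apply the CSP header to the response. The nonce is created here, once per
// response, and kept in res.locals so the route handlers below reuse the
// exact value that went into the header.
app.use(function (_, res, next) {
  const nonce = generateNonce();
  res.locals.nonce = nonce;
  res.setHeader(
    'Content-Security-Policy',
    `style-src 'nonce-${nonce}'; script-src 'nonce-${nonce}';`
  );
  next();
});
app.use('/', express.static(appFolder, {}));

// Default route, renders our SPA with this response's nonce
app.get('/home', function (_, res) {
  res.render('index.html', { nonce: res.locals.nonce });
});

// Exposed endpoint to get the nonce value used in this response's CSP header.
// Because every response carries its own nonce, the value returned here
// cannot be used to satisfy the CSP of any other response.
app.get('/nonce', function (_, res) {
  res.send({ nonce: res.locals.nonce });
});

app.listen(port, () =>
  console.log(`server started at http://localhost:${port}/`)
);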