Comments (4)
You saw that because X-Content-Security-Policy is a legacy header. We set it and the new ones to cover old browsers, but now we sniff the user agent and decide which header to set.
This should be fixed.
from helmet.
Thanks! Can you publish the newest version to npm pls?
from helmet.
pushed 0.1.3 (getting errors adding @EvanHahn as a maintainer, but will
do that as soon as possible)
Michael Heuberger wrote:
Thanks! Can you publish the newest version to npm pls?
—
Reply to this email directly or view it on GitHub
#27 (comment).
from helmet.
thanks :)
from helmet.
Related Issues (20)
- Deployment on Vercel using .mjs HOT 13
- X-Powered-By is not being removed from the haeder in default mode HOT 2
- Getting Error Type 'typeof import("/home/quophyie/projects/helmet-issue/node_modules/helmet/index")' has no call signatures when running tests with jest, ts-jest when using ESM / ECMAScript Modules HOT 13
- helmet + sanitizeFilter HOT 1
- Require Node 18+ HOT 5
- Support `unsafe-none` in `helmet.crossOriginEmbedderPolicy`? HOT 1
- Typescript required versions HOT 2
- 7.1.0 Rollup error HOT 17
- Disable HSTS headers by default on localhost HOT 9
- Error "script-src-elem" is an invalid directive HOT 3
- 'self' and 'none' values lack quotes HOT 4
- swagger HOT 2
- Getting Name of Blocked Script? HOT 3
- Increase default Strict-Transport-Security maxAge to 1 year HOT 3
- remove block-all-mixed-content from helmet-csp default directives HOT 6
- helmet default directives doesnt match helmet-csp default directives HOT 3
- Strict-Transport-Security middleware should throw, not warn, when misspelling "includeSubDomains" option HOT 2
- Content-Security-Policy `getDefaultDirectives` should return a deep copy HOT 3
- csp header lack `script-src-elem` HOT 4
- [feature request] "simple allow everything" setting for development work? HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helmet.