    Evan Hahn
    @EvanHahn
    please do not be afraid to come in here and ask questions
    i am alone
    Hock
    @martianmartian
    hi
    i'm having a problem with helmet..
    when i deployed to heroku, it says, Error: Cannot find module './config.json'
    Evan Hahn
    @EvanHahn
    Do you have a stack trace? @iamwave007
    Evan Hahn
    @EvanHahn
    @iamwave007 I saw your GitHub issue. Feel free to respond here or on the issue
    Hock
    @martianmartian
    hey sorry i stopped working on that app lately. i will let you know in the future. thanks for being so responsive!
    Evan Hahn
    @EvanHahn
    @iamwave007 No problem!
    Evan Hahn
    @EvanHahn
    Just released Helmet 1.0.0 (and 1.0.1 quickly after)!
    Evan Hahn
    @EvanHahn
    helmet@1.1.0 released!
    Evan Hahn
    @EvanHahn
    helmet@2.0.0 released!
    Rivka Haiman
    @rivkabenshalom
    @EvanHahn Does Helmet prevent scripts?
    Evan Hahn
    @EvanHahn
    @rivkabenshalom sorry to respond so late—i've been traveling
    what do you mean?
    Helmet doesn't prevent cross-site scripting, though it can help mitigate it in some cases.
    Evan Hahn
    @EvanHahn
    FYI: I'm not always in this chat room, so add a GitHub issue if you need something! I'm much better about checking there
    Evan Hahn
    @EvanHahn
    Helmet 2.3.0 released!
    Evan Hahn
    @EvanHahn
    Helmet 3.0.0 released! https://helmetjs.github.io/
    Evan Hahn
    @EvanHahn
    I am going to stop monitoring this Gitter because it's barely used. Please feel free to open a GitHub issue if you have any questions—I am happy to help.
    Thanks for using Helmet!
    Emma Rose
    @arcrose
    @here testing
    @EvanHahn Hello! I'm working with a group that's got an application built on Meteor. Unfortunately I'm not particularly familiar with Meteor myself, but understand that it uses Express under the hood. By any chance, do you happen to know if anyone has adapted Helmet to work with Meteor applications, or if there is some documentation we may be able to reference to figure that out?
    Emma Rose
    @arcrose
    Scratch that, I was confused about Meteor being related to Express
    andreas
    @andreasvirkus
    Hi, hope this Gitter channel is still active. got a question about using csp
    import csp from 'helmet-csp';
    
    app.use(csp({
      directives: {
        defaultSrc: [`'self'`],
        scriptSrc: [`'self'`, `'unsafe-inline'`, `*.google-analytics.com/`],
        styleSrc: [`'self'`, `'unsafe-inline'`],
        frameSrc: [`'self'`, `*.youtube.com/`, `*.vimeo.com/`],
        childSrc: [`'self'`, `*.youtube.com/`, `*.vimeo.com/`],
        objectSrc: [`'self'`, `*.youtube.com/`, `*.vimeo.com/`],
        imgSrc: [`*.amazonaws.com`, `data:`, `'self'`],
        connectSrc: [`'self'`],
        upgradeInsecureRequests: true
      }
    }));

    And then the errors I get with it lead me to believe most of these directives haven't registered properly:

    Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-S87yxoMcr9T7U+ZcUvvvkw7U6Ja2xsYbceNLyApPIr0='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

    Refused to load the image 'http://localhost:8080/favicon.ico' because it violates the following Content Security Policy directive: "img-src data: amazonaws.com".

    Refused to load the script 'https://localhost:8080/dist/build.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

    Adel
    @AdelMahjoub
    I thought this was a helmet store, nvm
    Evan Hahn
    @EvanHahn
    @andreasvirkus Sorry I missed your message—I haven't logged into Gitter in a long time. Feel free to open an issue or email me@evanhahn.com and I can try to help
    andreas
    @andreasvirkus
    @EvanHahn I think the issue was on my side, since I resolved it shortly after. Thanks for a great lib!