10 - Set a Content Security Policy with helmet.contentSecurityPolicy() - freeCodeCamp
Ganesh H
IMPORTANT - You must use Helmet version 2.3.0 to pass this test! We can use Helmet middleware to set up a Content Security Policy header that dictates where various resources for our page can be loaded from.
Link to Challenge: https://www.freecodecamp.org/learn/information-security/information-security-with-helmetjs/set-a-content-security-policy-with-helmet-contentsecuritypolicy
Written Guide: https://www.notion.so/ganeshh123/Set-a-Content-Security-Policy-with-helmet-contentSecurityPolicy-2192642ad3a246af822b4e5d6921369f
Full Playlist for this course: https://www.youtube.com/playlist?list=PLhGp6N0DI_1TeEsQOdf1JmV8PnkQfEpQ4
All Written Guides for this course: https://www.notion.so/ganeshh123/8ba82d9d1ff84c4583d6e9418ebe426b
All My Tutorials can be found at: https://www.notion.so/Tutorials-Ganesh-H-293ea420d34a464f9a1907e0405b5f26
00:00 - Introduction
00:03 - What is a CSP?
00:11 - Example of a CSP
Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict where resources such as JavaScript, CSS, or pretty much anything else the browser loads may come from. https://content-security-policy.com/
00:37 - Directives
01:09 - Sources
01:36 - Browser Support for CSP
01:58 - helmet.csp()
helmet.contentSecurityPolicy sets the Content-Security-Policy header, which helps mitigate cross-site scripting attacks, among other things. https://github.com/helmetjs/helmet/tree/master/middlewares/content-security-policy
02:33 - Use Helmet version 2.3.0
02:42 - Setting CSP Header with Helmet
05:48 - Trusted CDNs
06:34 - Note about Method Name
06:58 - Testing
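To make concrete what the directives and sources in the chapters above turn into on the wire, here is an added example (not Helmet's code and not from the video): a small stand-in for helmet.contentSecurityPolicy() that serialises a directives object into the Content-Security-Policy header value, the way the challenge's defaultSrc / scriptSrc configuration with a trusted CDN would, and applies it as Express-style middleware. The fake response object, the trusted-cdn.com hostname and the check that refuses a policy without a default-src fallback are my own additions so the block runs offline; the real Helmet 2.3.0 call it mirrors is shown in the comment.

```javascript
// Added example, not Helmet's implementation: a minimal stand-in for what
// helmet.contentSecurityPolicy() produces, so the header can be inspected
// without installing Express or Helmet.
//
// With Helmet 2.3.0 the real usage on an Express app is:
//   app.use(helmet.contentSecurityPolicy({
//     directives: { defaultSrc: ["'self'"], scriptSrc: ["'self'", 'trusted-cdn.com'] }
//   }));

// Convert a camelCase directive name (defaultSrc) to header form (default-src).
// Names already in kebab-case pass through unchanged.
function toDirectiveName(name) {
  return name.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
}

// Serialise a directives object into the Content-Security-Policy header value:
// each directive is "<name> <source> <source>..." and directives are joined by "; ".
function buildCspHeader(directives) {
  if (!directives.defaultSrc && !directives['default-src']) {
    // Assumption added here: without default-src, any resource type that is
    // not explicitly listed is unrestricted, so refuse to emit such a policy.
    throw new Error('CSP has no default-src fallback; unlisted resource types would be wide open');
  }
  return Object.entries(directives)
    .map(([name, sources]) => `${toDirectiveName(name)} ${sources.join(' ')}`)
    .join('; ');
}

// Express-style middleware factory: computes the header once, sets it on every response.
function contentSecurityPolicy(options) {
  const headerValue = buildCspHeader(options.directives);
  return function cspMiddleware(req, res, next) {
    res.setHeader('Content-Security-Policy', headerValue);
    next();
  };
}

// Demo with a constructed fake response object (no real server needed).
function demo() {
  const res = { headers: {}, setHeader(k, v) { this.headers[k] = v; } };
  let nextCalled = false;
  const mw = contentSecurityPolicy({
    directives: { defaultSrc: ["'self'"], scriptSrc: ["'self'", 'trusted-cdn.com'] },
  });
  mw({}, res, () => { nextCalled = true; });
  return { header: res.headers['Content-Security-Policy'], nextCalled };
}

console.log(demo().header);
// → default-src 'self'; script-src 'self' trusted-cdn.com
```

Reading the printed header: scripts may load only from the page's own origin and trusted-cdn.com, and every other resource type (styles, images, frames, ...) falls back to default-src, which is why the example insists on a default-src entry.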
-————————————————————————————————————- HelmetJS is a type of middleware for Express-based applications that automatically sets HTTP headers to prevent sensitive information from unintentionally being passed between the server and client. While HelmetJS does not account for all situations, it does include support for common ones like Content Security Policy, XSS Filtering, and HTTP Strict Transport Security, among others. HelmetJS can be installed on an Express project from npm, after which each layer of protection can be configured to best fit the project.
freeCodeCamp (also referred to as “Free Code Camp”) is a non-profit organization that consists of an interactive learning web platform, an online community forum, chat rooms, online publications and local organizations that intend to make learning web development accessible to anyone. Beginning with tutorials that introduce students to HTML, CSS and JavaScript, students progress to project assignments that they complete either alone or in pairs. Upon completion of ... https://www.youtube.com/watch?v=Gucn0CivyjI