Reputation: 144
I was developing a Node.js app and implemented some security. I used helmet like this:
app.use(helmet())
Now the browser does not allow me to use third-party libraries and inline scripts. You can check the image.
So I found a solution. See below:
app.use(helmet({ contentSecurityPolicy: false}))
Now everything is solved. I want to know why this happens, and how to use third-party libraries and inline scripts without setting contentSecurityPolicy: false in helmet.
I also found that we must include a manifest.json file in the public folder and mention all third-party libraries in it. How do I implement that? Thanks in advance.
Upvotes: 1
Views: 828
Reputation: 12722
Helmet maintainer here.
This is happening because of something called Content Security Policy, which Helmet sets by default. To solve your problem, you will need to configure Helmet's CSP.
MDN has good documentation about CSP, which I would recommend reading for background. After that, take a look at Helmet's README to see how to configure its CSP component.
In summary: to solve your problem, you will need to tell Helmet to configure your CSP.
Upvotes: 1
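One way to do what the answer describes, as an added example that is not from the original answer or from the Helmet project: keep CSP enabled, allow one third-party script host, and allow inline scripts through a per-request nonce instead of `contentSecurityPolicy: false`. The host `https://cdn.example.com`, the route, and the helper names `cspNonce`, `cspDirectives` and `renderDirective` are assumptions.

```javascript
const crypto = require("crypto");

// Assumption: placeholder for the third-party host your pages load scripts from.
const SCRIPT_HOSTS = ["https://cdn.example.com"];

// Fresh nonce per response; only inline <script> tags carrying it will run.
function cspNonce(req, res, next) {
  res.locals.cspNonce = crypto.randomBytes(16).toString("hex");
  next();
}

// script-src override; with useDefaults Helmet keeps its other default directives.
function cspDirectives(scriptHosts) {
  const nonceSource = (req, res) => `'nonce-${res.locals.cspNonce}'`;
  return { "script-src": ["'self'", ...scriptHosts, nonceSource] };
}

// Hypothetical helper: resolve one directive to the text sent for this response.
function renderDirective(name, values, req, res) {
  const parts = values.map((v) => (typeof v === "function" ? v(req, res) : v));
  return `${name} ${parts.join(" ")}`;
}

// express and helmet are loaded here so the helpers above work without them.
function createApp() {
  const express = require("express");
  const helmet = require("helmet");
  const app = express();
  app.use(cspNonce); // must be registered before helmet so the nonce exists
  const csp = { useDefaults: true, directives: cspDirectives(SCRIPT_HOSTS) };
  app.use(helmet({ contentSecurityPolicy: csp }));
  app.get("/", (req, res) => {
    const n = res.locals.cspNonce;
    res.send(
      `<script src="${SCRIPT_HOSTS[0]}/lib.js"></script>` +
        `<script nonce="${n}">console.log("inline ok")</script>`
    );
  });
  return app;
}
// To serve it: createApp().listen(3000);
```

Every inline script tag in your templates needs the `nonce` attribute with that response's value; scripts from hosts not listed in `script-src` stay blocked.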