Comments (18)
I recently updated helmet from 3.19.0 to 3.21.2 due to a recommendation of npm audit.
After doing this I have experienced the exact same behaviour and error.
I have seen this happening before with webpack and redis npm package.
To solve this I configured redis as external commonjs package.
Doing this with helmet also avoids the TypeError and you can continue your work.
Here is an example webpack config.
module.exports = function(env, argv) {
  return {
    mode: 'none',
    entry: { server: `./pat-to-server.ts` },
    // Leave helmet out of the bundle; it is loaded with require() at runtime
    externals: { helmet: 'commonjs helmet' },
    target: 'node',
    // other configs removed for example
    // ...
  };
};
from csp.
@EvanHahn It did not for me personally.
What I am seeing now.
from csp.
I've renamed this because it seems like this is an issue with Webpack. Lemme know if that's wrong.
It also seems like there's a fix (thanks @elvismercado), which is good for now.
from csp.
Sorry same bug different version, I'll check it with Bowser. Actually 2.6.1
from csp.
What error are you seeing in this package?
from csp.
TypeError: Bowser.getParser is not a function
at csp (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/helmet-csp/dist/index.js:32:34)
at Layer.handle [as handle_request] (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/express/lib/router/index.js:317:13)
at eval (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/express/lib/router/index.js:284:7)
at Function.process_params (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/express/lib/router/index.js:335:12)
at next (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/express/lib/router/index.js:275:10)
at internalNext (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/helmet/index.js:47:33)
at xXssProtection (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/x-xss-protection/dist/index.js:47:13)
at internalNext (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/helmet/index.js:51:7)
at nosniff (Users/Mark/Developer/reactivemarkets/gitlab/crossfire/ui/node_modules/dont-sniff-mimetype/dist/index.js:5:9)
from csp.
I'll raise an issue with Bowser, for a quick fix I've moved Bowser back to 2.5.4 locally and all is working again.
from csp.
Could you post a code snippet that reproduces this? I'm not able to replicate the issue myself.
from csp.
It's because we use a bundler, webpack in this case. This change https://github.com/lancedikson/bowser/blob/bc2d51a8f9a715d91b715214ee0c19b1ca3f3838/package.json#L25 in bowser causes the imports to be incorrect.
from csp.
TypeError: Bowser.getParser is not a function
at csp (webpack:///./node_modules/helmet-csp/dist/index.js?:32:34)
at internalNext (webpack:///./node_modules/helmet/index.js?:51:7)
at helmet (webpack:///./node_modules/helmet/index.js?:54:5)
at Layer.handle [as handle_request] (webpack:///./node_modules/express/lib/router/layer.js?:95:5)
at trim_prefix (webpack:///./node_modules/express/lib/router/index.js?:317:13)
at eval (webpack:///./node_modules/express/lib/router/index.js?:284:7)
at Function.process_params (webpack:///./node_modules/express/lib/router/index.js?:335:12)
at next (webpack:///./node_modules/express/lib/router/index.js?:275:10)
at compression (webpack:///./node_modules/compression/index.js?:220:5)
at Layer.handle [as handle_request] (webpack:///./node_modules/express/lib/router/layer.js?:95:5)
at trim_prefix (webpack:///./node_modules/express/lib/router/index.js?:317:13)
at eval (webpack:///./node_modules/express/lib/router/index.js?:284:7)
at Function.process_params (webpack:///./node_modules/express/lib/router/index.js?:335:12)
at next (webpack:///./node_modules/express/lib/router/index.js?:275:10)
at expressInit (webpack:///./node_modules/express/lib/middleware/init.js?:40:5)
I am seeing this error while running Helmet: 3.21.1, Helmet: 2.9.2, and Bowser: 2.6.1
from csp.
This will affect everyone using helmet and webpack, targeting node environments.
Downgrading helmet to 4.20.0, helmet-csp to 2.8.0 and removing bowser from yarn.lock fixed this for us for now.
from csp.
Pull request #94 submitted
from csp.
I've updated to the latest version of bowser in [email protected] and [email protected] (thanks @barnesdc!).
Does this fix anyone's issues?
from csp.
The bundle I am using has this issue as well. A quick fix was to change the package.json pointer.
"main": "es5.js",
"module": "src/bowser.js",
Having the bundler point to es5.js fixed it right up. For some reason the module path is not working.
from csp.
I believe this is fixed in [email protected] and [email protected]. Could someone test and let me know if they run into any issues?
from csp.
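The traces in this thread show the TypeError thrown inside `csp` while a request is being handled, so the bundle builds and starts cleanly and only fails once traffic arrives. As an added example (not code from the thread or from helmet-csp), here is a post-build smoke test that drives a middleware with a fake request and checks that the header was set; `makeCspMiddleware` and both Bowser stand-ins are constructed for illustration, and the ES-module namespace shape is an assumption about what the bundler hands back.

```javascript
// Drive an Express-style (synchronous) middleware with a fake req/res and
// report whether it set the expected header, instead of waiting for a 500.
function smokeTestMiddleware(middleware, headerName) {
  const headers = {};
  const req = { method: 'GET', url: '/', headers: { 'user-agent': 'smoke-test/1.0' } };
  const res = {
    setHeader(name, value) { headers[name.toLowerCase()] = String(value); },
    getHeader(name) { return headers[name.toLowerCase()]; },
  };
  let nextCalled = false;
  let nextError;
  try {
    middleware(req, res, (err) => { nextCalled = true; nextError = err; });
  } catch (err) {
    return { ok: false, reason: `${err.name}: ${err.message}` };
  }
  if (nextError) return { ok: false, reason: `next(err): ${nextError.message}` };
  if (!nextCalled) return { ok: false, reason: 'middleware never called next()' };
  const value = headers[headerName.toLowerCase()];
  if (!value) return { ok: false, reason: `${headerName} header missing` };
  return { ok: true, value };
}

// Constructed stand-in for a CSP middleware that parses the user agent through
// a Bowser-like dependency (hypothetical; not helmet-csp's source).
function makeCspMiddleware(Bowser) {
  return function csp(req, res, next) {
    Bowser.getParser(req.headers['user-agent']); // throws if the import has the wrong shape
    res.setHeader('Content-Security-Policy', "default-src 'self'");
    next();
  };
}

// What a CommonJS require() is expected to return: the API object itself.
const bowserCjs = { getParser: (ua) => ({ ua }) };
// Assumed shape when the bundler resolves the ES-module entry instead:
// the API sits under `default`, so `getParser` is undefined at the top level.
const bowserEsmNamespace = { __esModule: true, default: bowserCjs };

const good = smokeTestMiddleware(makeCspMiddleware(bowserCjs), 'Content-Security-Policy');
const bad = smokeTestMiddleware(makeCspMiddleware(bowserEsmNamespace), 'Content-Security-Policy');
console.log(good, bad);
```

Run against the real bundled middleware in CI, a check like this fails the build when a dependency bump changes how the bundler resolves an import.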