DEPRECATED - please use @localnerve/csp-hashes instead
Plugin to generate hash for inline scripts and styles for CSP.
This plugin is insipred by hash-csp, and operates mostly the same way.
npm install inline-csp-hash --saveconst gulp = require('gulp');
const hashstream = require('inline-csp-hash');
gulp.task('inline-hash', () => {
return gulp.src('src/*.html')
.pipe(hashstream({
what: 'script',
replace_cb: (s, hashes) => s.replace(/script-src 'self'[^;]*/, "script-src 'self' " + hashes.join(" "))
}))
.pipe(hashstream({
what: 'style',
replace_cb: (s, hashes) => s.replace(/style-src 'self'[^;]*/, "style-src 'self' " + hashes.join(" "))
}))
.pipe(gulp.dest('dist/'))
;
});- what:
script(default) orstyle: which tags to process (scripts and styles are processed separately because they are controlled by different CSP directives:script-srcandstyle-src) - hash:
sha256(default),sha384, orsha512: hash algorithm to use. SHA family is the only one according to the specification - replace_cb: callback to inject gathered hashes into the source file
Have mocha installed and run npm test
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent