Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/javascript/363.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Javascript 如何使用4.4.1版本node.js模块启用和禁用UpgradeInsureRequests csp指令_Javascript_Node.js_Content Security Policy_Helmet.js_Upgrade Insecure Requests - Fatal编程技术网
Fatal编程技术网
  • javascript/
  • Javascript 如何使用4.4.1版本node.js模块启用和禁用UpgradeInsureRequests csp指令

Javascript 如何使用4.4.1版本node.js模块启用和禁用UpgradeInsureRequests csp指令

javascript node.js

Javascript 如何使用4.4.1版本node.js模块启用和禁用UpgradeInsureRequests csp指令,javascript,node.js,content-security-policy,helmet.js,upgrade-insecure-requests,Javascript,Node.js,Content Security Policy,Helmet.js,Upgrade Insecure Requests,我已经尝试过使用头盔4.4.1版本,下面两个版本都设置为true,用于升级不安全的CSP请求 upgradeInsecureRequests: [] and upgradeInsecureRequests: ['true'] 上面哪种格式正确使用?已解决:我们可以简单地添加升级的不安全请求:[]这对我很有用: defaultDirectives = helmet.contentSecurityPolicy.getDefaultDirectives(); delete defaultDirect

我已经尝试过使用头盔4.4.1版本,下面两个版本都设置为true,用于升级不安全的CSP请求

upgradeInsecureRequests: [] and upgradeInsecureRequests: ['true']
上面哪种格式正确使用?

已解决:我们可以简单地添加升级的不安全请求:[]

这对我很有用:

defaultDirectives = helmet.contentSecurityPolicy.getDefaultDirectives();
delete defaultDirectives['upgrade-insecure-requests'];

app.use( helmet() );
app.use(helmet.contentSecurityPolicy({
  directives: {
    ...defaultDirectives,
  },
}));

delete
部分删除
defaultDirectives
对象中的
升级不安全请求
键。

这会将其设置为
true
,但如何将其设置为
false
?在这种情况下,只需不提供此属性,即升级不安全请求