51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
52 lines
1.3 KiB
Plaintext
52 lines
1.3 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
In Express.js application the code is sensitive if the https://www.npmjs.com/package/expect-ct[expect-ct] middleware is disabled:
|
|
|
|
----
|
|
const express = require('express');
|
|
const helmet = require('helmet');
|
|
|
|
let app = express();
|
|
|
|
app.use(
|
|
helmet({
|
|
expectCt: false // Sensitive
|
|
})
|
|
);
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
In Express.js application the https://www.npmjs.com/package/expect-ct[expect-ct] middleware is the standard way to implement expect-ct. Usually, the deployment of this policy starts with the report only mode (``++enforce: false++``) and with a low ``++maxAge++`` (the number of seconds the policy will apply) value and next if everything works well it is recommended to block future connections that violate Expect-CT policy (``++enforce: true++``) and greater value for maxAge directive:
|
|
|
|
[source,javascript]
|
|
----
|
|
const express = require('express');
|
|
const helmet = require('helmet');
|
|
|
|
let app = express();
|
|
|
|
app.use(helmet.expectCt({
|
|
enforce: true,
|
|
maxAge: 86400
|
|
})); // Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|