it just doesn't work

Question

it just doesn't work

Closed this issue 3 years ago · 5 comments

this is my code

const express = require('express')
const helmet = require('helmet')
const morgan = require('morgan')
const compression = require('compression')
const bodyParser = require('body-parser')
const Agenda = require('agenda');
const Agendash = require('agendash2');


const agenda = new Agenda({db: {address: process.env.MONGO_URL, collection: process.env.AGENDA_COLLECTION}})
const port = process.env.PORT || 3000

const app = express()
app.use(morgan('dev'))
app.use(helmet())
app.use(compression())
app.use(bodyParser.urlencoded({ extended: false }))
app.use(bodyParser.json())


app.use('/dash', Agendash(agenda));
app.listen(port, () => console.info(`Service is listening on port ${port}!`))

I am getting the following errors in the console:

probably related to the package install

Answer 1 · 2021-02-13T01:20:06.000Z

@EitanWeMatch - What's causing this here is helmet - which by the way used, applies default settings to CSP (Content Security Policy): https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.

You can either:

Configure helmet specific configurations with respect to CSP property:

https://helmetjs.github.io/ - helmet.contentSecurityPolicy(options)

Add another middleware before your route that removes this CSP header from the response:

app.use(
    '/dash',
    (req, res, next) => {
      res.removeHeader('Content-Security-Policy');
      next();
    },
    Agendash(agenda)
);

Answer 2 · 2021-10-14T21:16:12.000Z

Any plans on a version that doesn't load resources from external sources?

Answer 3 · 2022-01-31T04:49:16.000Z

@marwej I was planning you would contribute a PR. Would you please?

Answer 4 · 2022-01-31T10:27:58.000Z

@koresar Hello 👋 @marwej's colleague here. A PR is up at #202 which sets the CSP header to the correct value to host the Agendash app, which should fix OP @EitanWeMatch's problem as well as ours.

Answer 5 · 2022-01-31T13:09:25.000Z

You people are amazing! 😍