Make ContentSecurityPolicyDirectiveValueFunction interface accept Request and Response from express
schmkr opened this issue
Currently, the ContentSecurityPolicyDirectiveValueFunction is defined as:

```ts
import { IncomingMessage, ServerResponse } from "http";
interface ContentSecurityPolicyDirectiveValueFunction {
  (req: IncomingMessage, res: ServerResponse): string;
}
```

We have some functions defined for CSP directives that actually rely on the Request and Response interfaces from Express (e.g. using `locals` on the Response). Would it be possible to type the function as such instead?

```ts
import { Request, Response } from "express";
interface ContentSecurityPolicyDirectiveValueFunction {
  (req: Request, res: Response): string
}
```
Helmet doesn't require Express, so we can't assume that `req` and `res` are Express objects.
Would you be able to cast these objects to achieve what you want?
Ah, I see. I thought since this repo's about line is `Help secure Express apps with various HTTP headers`, I figured it has dependencies on Express.
Yes, I managed to succeed with casting the response parameter. Thanks.
That makes sense, and I see why it's a little confusing. Most people use Helmet with Express, but it's possible without it.
I'll think about documentation improvements I can make here.
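
Added example, not part of the original thread and not Helmet's own code: a directive value function that checks for `res.locals` at runtime instead of casting blindly, so a missing or malformed nonce raises an error rather than producing `'nonce-undefined'` in the header. The `nonceSource` helper, the `cspNonce` key, the nonce format check and the stand-in request/response types are assumptions made for this example.

```typescript
// Stand-ins (assumption) for http.IncomingMessage / http.ServerResponse, the
// parameter types Helmet declares for a directive value function.
type NodeReq = object;
type NodeRes = object;
type DirectiveValueFunction = (req: NodeReq, res: NodeRes) => string;

// The only part of an Express Response this example depends on.
interface HasLocals {
  locals: Record<string, unknown>;
}

// Runtime check that replaces a blind `res as Response` cast.
function hasLocals(res: object): res is HasLocals {
  const locals = (res as { locals?: unknown }).locals;
  return typeof locals === "object" && locals !== null;
}

// Base64 or base64url text, at least 16 characters before padding.
const NONCE_RE = /^[A-Za-z0-9+\/_-]{16,}={0,2}$/;

// Hypothetical helper: builds a directive value function that reads the
// per-response nonce from res.locals[key] and throws instead of emitting
// 'nonce-undefined' or a value that could break out of the directive.
function nonceSource(key: string): DirectiveValueFunction {
  return (_req, res) => {
    if (!hasLocals(res)) {
      throw new Error("CSP nonce: res.locals is missing (not an Express response?)");
    }
    const nonce = res.locals[key];
    if (typeof nonce !== "string" || !NONCE_RE.test(nonce)) {
      throw new Error(`CSP nonce: res.locals.${key} is not a valid nonce`);
    }
    return `'nonce-${nonce}'`;
  };
}

// With Helmet this would be passed as a directive value, e.g.
//   scriptSrc: ["'self'", nonceSource("cspNonce")]
// Constructed sample response object, standing in for an Express Response:
const sampleRes = { locals: { cspNonce: "c2FtcGxlLW5vbmNlLTAwMQ==" } };
console.log(nonceSource("cspNonce")({}, sampleRes));
```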