只是修改了 NodeJS/Typescript 应用程序中使用的依赖项,并且遇到了 Helmet 从版本“3.23.2”更改为“4.5.0”的障碍。
我已经从 package.json 文件中删除了依赖项 "@types/helmet": "0.0.47"。
编译会导致以下语义错误:
src/loaders/security.ts(2,18): error TS2305: Module '"helmet"' has no exported member 'IHelmetContentSecurityPolicyDirectives'.
src/options.ts(1,10): error TS2305: Module '"helmet"' has no exported member 'IHelmetContentSecurityPolicyDirectives'.
options.ts 包括:
import { IHelmetContentSecurityPolicyDirectives } from 'helmet';
export interface Options {
redirectUrl: string;
mountPath: string;
serviceName?: string;
views?: string | string[];
csp?: IHelmetContentSecurityPolicyDirectives;
i18n?: I18nOptions;
}
security.ts 定义为:
import { Application } from 'express';
import helmet, { IHelmetContentSecurityPolicyDirectives } from 'helmet';
import logger from '../lib/logger';
const configureSecurity = (app: Application, csp: IHelmetContentSecurityPolicyDirectives | undefined): void => {
logger.info('Configuring Security using Helmet');
const defaultSrc = (csp && csp.defaultSrc) || [];
const styleSrc = (csp && csp.styleSrc) || [];
const scriptSrc = (csp && csp.scriptSrc) || [];
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: [...defaultSrc, "'self'"],
styleSrc: [...styleSrc, "'self'"],
scriptSrc: [
...scriptSrc,
"'self'",
"'sha256-+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'",
"'sha256-+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'",
],
},
},
}));
};
export default configureSecurity;
我不知道用什么来代替IHelmetContentSecurityPolicyDirectives
csp 类型。