You're reading from Mastering Node.js Web Development Go on a comprehensive journey from the fundamentals to advanced web development with Node.js

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781804615072

Length 778 pages

Edition 1st Edition

Languages

Tools

Node.js

Concepts

Server Side Web Development

Author (1):

Adam Freeman

View More author details

Table of Contents (26) Chapters

1. Putting Node.js in Context FREE CHAPTER

2. Getting Ready

3. Working with the Node.js Tools

4. JavaScript and TypeScript Primer

5. Understanding Node.js Concurrency

6. Handling HTTP Requests

7. Using Node.js Streams

8. Using Bundles and Content Security

9. Unit Testing and Debugging

10. Node.js in Detail

11. Creating the Example Project

12. Using HTML Templates

13. Handling Form Data

14. Using Databases

15. Using Sessions

16. Creating RESTful Web Services

17. Authenticating and Authorizing Requests

18. SportsStore

19. SportsStore: A Real Application

20. SportsStore: Navigation and Cart

21. SportsStore: Orders and Validation

22. SportsStore: Authentication

23. SportsStore: Administration

24. SportsStore: Deployment

25. Other Books You May Enjoy

26. Index

Using a content security policy

CORS is an example of a set of request headers that were introduced to address malicious behavior by providing the browser with information about how the application is expected to work.

There are additional headers that the backend server can set to provide the browser with insight into how the application works and what behaviors are expected. The most important header is Content-Security-Policy, which the backend server uses to describe the application’s Content Security Policy (CSP). The CSP tells the browser what behaviors to expect from the client-side application so that the browser can block suspicious activity.

The use of content security policies is intended to prevent cross-site scripting (XSS) attacks. There are many variations of XSS attacks, but they all involve injecting malicious content or code into the content displayed by the browser to perform a task not intended by the application developers – typically something...