Using TypeScript to Implement Content Security Policy Nonce

I encountered an issue with my TypeScript Express project while attempting to implement a CSP Nonce using Helmet.

app.use(helmet.contentSecurityPolicy({
    useDefaults: true,
    directives: {
        scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.cspNonce}'`],
    }
}));

Upon running the program, I received the following error message:

./index.ts:820
return new TSError(diagnosticText, diagnosticCodes);
       ^
TSError: ⨯ Unable to compile TypeScript:
src/app.ts:17:59 - error TS2339: Property 'locals' does not exist on type 'ServerResponse'.

17         scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.nonce}'`],
                                                         ~~~~~~

at createTSError (/home/frdiolin/WebstormProjects/Calender2.0/node_modules/ts-node/src/index.ts:820:12)
...

The interesting part is that the same code runs without any issues in JavaScript. Can someone shed some light on what might be causing this discrepancy?

typescriptexpresshelmet.js

Answer №1

To put it simply: convert res to an Express Response. Check out the code snippet provided below.

This issue is specific to TypeScript only. While res.locals is a feature of Express, Helmet is intended to function independently of Express, which means res.locals are not included in Helmet's types. Essentially, res does not recognize a .locals property because Helmet does not presume it exists.

You can resolve this by specifying to TypeScript that this is an Express response object. Use res as Response.

Here is an illustration:

import express, { Response } from "express";

// ...

app.use(
  helmet.contentSecurityPolicy({
    useDefaults: true,
    directives: {
      scriptSrc: [
        "'self'",
        // The `res as Response` is crucial here.
        (_req, res) => `'nonce-${(res as Response).locals.cspNonce}'`,
      ],
    },
  })
);

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

The sequence in which the next() function is executed in ExpressJS

I recently came across this scenario on Stack Overflow where there were multiple get methods with the same signature: app.get('/user/:id', function (req, res, next). I am eager to dive deeper into this topic but unfortunately, my 'reputation ...

express

Adding Typescript to a Nativescript-Vue project: A step-by-step guide

Struggling over the past couple of days to configure Typescript in a basic template-generated Nativescript-Vue project has been quite the challenge. Here's my journey: Initiated the project using this command: ERROR in Entry module not found: Erro ...

typescriptvue.jsnativescriptnativescript-vue

What are the steps to downloading a server-generated image with user data from the client using Express?

I am facing a challenge with downloading a server-generated image immediately after it is created. My current approach involves using fetch to send user input data (bypassing HTML forms). Although the image is successfully generated on the server, I am str ...

javascriptnode.jsexpressfetch

Tips for utilizing the "??=" syntax in Typescript

let x; x ??= 'abc' console.log(x); // abc Running the code above in the browser console does not cause any issues. However, when attempting to run it in TypeScript, an error is thrown. SyntaxError: Unexpected token '??=' Here is my c ...

typescript

Every attempt to assign port 3000 for HTTP and port 443 for HTTPS resulted in the error message "Error: bind EACCES"

settings: { serverHost: "localhost", mainDirectory: rootPath, project: { title: 'My Unique Project' }, portNumber: 3000, securePortNumber: 443, databaseType: 'mongodb' } var secureServer = https.c ...

node.jssocketsexpressportbind

Managing nested request bodies in NestJS for POST operations

A client submits the following data to a REST endpoint: { "name":"Harry potter", "address":{ "street":"ABC Street", "pincode":"123", "geo":{ &q ...

node.jstypescriptnestjs

Struggling to display flash messages while utilizing connect-flash with a Node/Express application

I have encountered an issue while trying to display flash messages with connect-flash after users successfully log in to my app. Although I am able to see the flash messages in the console log, they do not appear on the client side. Interestingly, when I ...

node.jssessionexpresscookiesflash-message

Material UI React Autocomplete Component

I'm currently working on integrating an Autocomplete component using the Material UI library. However, I've encountered a challenge - I'm unsure of how to properly pass the value and onChange functions, especially since I have a custom Text ...

javascriptreactjstypescriptautocompletematerial-ui

What is the most efficient method for linking the hostname of my website to the file path within my Express.js static file server?

When using vanilla JavaScript in the browser, we can retrieve the hostname using: window.location.hostname However, if we are working with Node.js/Express.js on the server side, how can we achieve the same result? Furthermore, I am looking for a way to ...

javascriptnode.jsexpressserver

Using Node.js to create express routes with nested sub-routes

While experimenting with node.js, I encountered a puzzling issue where a setup works in one instance but fails to work in another instance after making a minor change. In my app.js file: app.use('/musicplayer', require('./routes/music/inde ...

node.jsexpressurl-routing

Angular2's ErrorHandler can cause code to malfunction when an error occurs

import { Injectable, ErrorHandler, Inject, Injector } from '@angular/core'; import { MessengerService } from '../services'; import { MessageTypeEnum } from '../../shared'; @Injectable() export class AppErrorHandler extends Er ...

angulartypescripterror-handling

Steps for mandating the specification of a type parameter for a generic React component

When setting up a new instance of a generic React component, I noticed that the TypeScript type checker automatically defaults to unknown without requiring me to specify the type argument: Ideally, I would prefer if TypeScript prompted for the explicit ty ...

reactjstypescriptgenerics

Navigating the interface types between Angular, Firebase, and Typescript can be tricky, especially when working with the `firebase.firestore.FieldValue`

I am working on an interface that utilizes Firestore timestamps for date settings. export interface Album{ album_name: string, album_date: firebase.firestore.FieldValue; } Adding a new item functions perfectly: this.album ...

angulartypescriptdategoogle-cloud-firestoreinterface

"Error encountered: Unable to resolve dependency tree" message appears when attempting to run npm install

Encountering dependency errors while trying to execute the npm install command for my Angular application. As a newcomer to TypeScript and Angular, I'm unsure of the next steps to take. Any suggestions? Attempted solutions include clearing the npm ca ...

node.jsangulartypescriptnpmwebpack

Unable to resolve the Typescript module within a different file

I am in the process of transitioning my React app to TypeScript. Currently, everything is working fine. However, I encountered an issue after adding the TypeScript compiler and renaming files to .ts and .tsx extensions - it is now throwing a "module not fo ...

reactjstypescriptwebpack

`MongoDB impatient for query outcome`

Upon trying to pass the 'db' from my server.js file, where I establish a connection with MongoClient, to routes/api.js for post requests, I encountered an issue. The error message I consistently receive is: TypeError: Cannot read property &apo ...

node.jsmongodbexpress

What is the best way to organize a collection of objects by a specific characteristic in Typescript?

Imagine you have an array of objects with the following structure: type Obj = { id: number, created: Date, title: string } How can you effectively sort this array based on a specific property without encountering any issues in the type system? For ...

typescriptsorting

"What is the best approach for setting up an Azure Web App to host both an Express static site and API

Setting up an Express app was a breeze for me, but when it comes to deploying it on Azure Web App, I'm hitting some roadblocks! The structure of my app is quite simple: a static web app with its own API. Requests to /website.com/api are forwarded to ...

javascriptazureexpressazure-web-app-service

Retrieve the response status using a promise

There is a promise in my code that sometimes results in an error response (either 400 or 403, depending on the user). I am trying to handle this situation by catching the response and implementing a conditional logic to execute different functions based on ...

javascriptreactjstypescriptsharepoint

Incorporating Imported Modules into the Final Build of a Typescript Project

In my Visual Studio Code Typescript project, I have set up some basic configurations and used npm to download libraries. One of the main files in my project is main.ts which includes the following code: import ApexCharts from 'apexcharts' var c ...

javascripttypescriptvisual-studio-code