Skip to content

Helmet.js

Conditionally skipping headers

To skip a header conditionally, create your own small middleware function that conditionally calls different invocations of Helmet.

For example, you could decide to conditionally enable a Content Security Policy for a subset of users. Here’s how that could look:

const helmetWithCsp = helmet()
const helmetWithoutCsp = helmet({contentSecurityPolicy:false})

app.use((req, res, next) => {
  if (req.user.isContentSecurityPolicyEnabled) {
    helmetWithCsp(req,res,next)
  } else {
    helmetWithoutCsp(req,res,next)
  }
});