Name                                                 Description When Fired What to Do
(policy/no-policy-found) _spartan could not find ‘security.json’ update, delete, set-as-default, integrity, force run _spartan init or _spartan --default
(app/no-application-found) _spartan could not find ‘package.json’ init, no-overwrite * be sure to run _spartan from the project root directory (or wherever package.json is being hosted)
* run npm init to create package.json
  • Parsing error in the CSP => This one you won’t see until application runtime. Be sure to add the whitelisted sites as "'http://mysite.com'".
  • Be careful about making policy updates while you’re app is running. This will really bite if you’re using nodemon
  • You’ll need to create a .env file if you’re going to use the secrets management module, otherwise, be sure to disable this module altogether in the policy.
  • The cors module takes the whitelist that you created during the policy set up phase, strips out all of the ‘self’ declarations and attempts to add the * declarations as explicit subdomains (regex). If you’re encountering issues with CORS, add the sites directly in the security/.whitelists.json file as an array