Merge branch 'master' of github.com:mozilla/send into fixes195and192

2017-07-17 16:18:14 -07:00 · 2017-07-17 16:18:14 -07:00 · 26b228a976
commit 26b228a976
parent c2e8139c6e 9735aa62bd
38 changed files with 1778 additions and 538 deletions
--- a/server/server.js
+++ b/server/server.js
@ -32,27 +32,31 @@ app.engine(
 app.set('view engine', 'handlebars');

 app.use(helmet());
+app.use(helmet.hsts({
+  maxAge: 31536000,
+  force: conf.env === 'production'
+}));
 app.use(
  helmet.contentSecurityPolicy({
    directives: {
-      defaultSrc: ['\'self\''],
+      defaultSrc: ["'self'"],
      connectSrc: [
-        '\'self\'',
+        "'self'",
        'https://sentry.prod.mozaws.net',
        'https://www.google-analytics.com',
        'https://ssl.google-analytics.com'
      ],
      imgSrc: [
-        '\'self\'',
+        "'self'",
        'https://www.google-analytics.com',
        'https://ssl.google-analytics.com'
      ],
-      scriptSrc: ['\'self\'', 'https://ssl.google-analytics.com'],
-      styleSrc: ['\'self\'', 'https://code.cdn.mozilla.net'],
-      fontSrc: ['\'self\'', 'https://code.cdn.mozilla.net'],
-      formAction: ['\'none\''],
-      frameAncestors: ['\'none\''],
-      objectSrc: ['\'none\'']
+      scriptSrc: ["'self'", 'https://ssl.google-analytics.com'],
+      styleSrc: ["'self'", 'https://code.cdn.mozilla.net'],
+      fontSrc: ["'self'", 'https://code.cdn.mozilla.net'],
+      formAction: ["'none'"],
+      frameAncestors: ["'none'"],
+      objectSrc: ["'none'"]
    }
  })
 );