added csp directives

Danny Coates 2017-07-12 10:56:04 -07:00
parent b32e63c305
commit 9234bce75d
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
5 changed files with 37 additions and 12 deletions


@ -32,6 +32,30 @@ app.engine(
app.set('view engine', 'handlebars');
app.use(helmet());
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ['\'self\''],
connectSrc: [
'\'self\'',
'https://sentry.prod.mozaws.net',
'https://www.google-analytics.com',
'https://ssl.google-analytics.com'
],
imgSrc: [
'\'self\'',
'https://www.google-analytics.com',
'https://ssl.google-analytics.com'
],
scriptSrc: ['\'self\'', 'https://ssl.google-analytics.com'],
styleSrc: ['\'self\'', 'https://code.cdn.mozilla.net'],
fontSrc: ['\'self\'', 'https://code.cdn.mozilla.net'],
formAction: ['\'none\''],
frameAncestors: ['\'none\''],
objectSrc: ['\'none\'']
}
})
);
app.use(busboy());
app.use(bodyParser.json());
app.use(express.static(STATIC_PATH));
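Review bot: The `directives` object sets no `baseUri`, and base-uri is one of the directives that does not fall back to `defaultSrc`, so the policy leaves the document base URL unrestricted. An injected `<base>` element could therefore still repoint relative links on the page; `scriptSrc` and `formAction` already limit the impact, so this is defence in depth. Adding `baseUri: ['\'none\''],` next to `objectSrc` would close the gap, assuming the templates (not visible here) do not rely on a `<base>` element. The policy also has no `reportUri`, so anything the new allow-lists block in production will fail silently; consider a first rollout with `reportOnly: true` or a report endpoint.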