moar CSP fixes #2423 fixes #2425
dannycoates committed Mar 31, 2017
1 parent e7c1963 commit 6ab61da
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion server/src/server.js
Expand Up @@ -186,7 +186,7 @@ app.use((req, res, next) => {
req.cspNonce = uuid;
res.header(
"Content-Security-Policy",
`default-src 'self'; img-src 'self' www.google-analytics.com ${CONTENT_NAME} data:; script-src 'self' www.google-analytics.com 'nonce-${uuid}'; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net; connect-src 'self' www.google-analytics.com ${dsn}; font-src https://code.cdn.mozilla.net;`);
`default-src 'self'; img-src 'self' www.google-analytics.com ${CONTENT_NAME} data:; script-src 'self' www.google-analytics.com 'nonce-${uuid}'; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net; connect-src 'self' www.google-analytics.com ${dsn}; font-src https://code.cdn.mozilla.net; frame-ancestors 'none'; object-src 'none';`);
res.header("X-Frame-Options", "DENY");
res.header("X-Content-Type-Options", "nosniff");
addHSTS(req, res);
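Review bot: The new policy still has no `base-uri` directive, so a nonce-based `script-src` can be undermined by an injected `<base>` element redirecting the page's relative script URLs; appending `base-uri 'self';` after `object-src 'none';` closes that gap at no cost to the app's own assets. The `'nonce-${uuid}'` value only protects against inline-script injection if `uuid` is generated fresh for every response from a CSPRNG — that assignment happens above the hunk, so please confirm it is per-request and not a module-level constant. `frame-ancestors 'none'` agrees with the `X-Frame-Options: DENY` header on the following line, which is the right pairing for older browsers. Consider building the directive list as an array joined with `"; "` so that `${CONTENT_NAME}` and `${dsn}` are visibly single-token interpolations and future directives do not extend one very long template line. The enclosing `app.use` middleware starts and ends outside the hunk.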
