Blankie/pastel.codes
1
0
Fork 0
mirror of https://github.com/aurora-dot/pastel.codes.git synced 2024-11-25 01:22:19 +00:00
Code Issues Projects Releases Wiki Activity

Added Helmet CSP

Browse Source
This commit is contained in:
Esther 2021-01-03 23:28:30 +00:00
parent c0d86e2e19
commit 3f5441314b
No known key found for this signature in database
GPG Key ID: 162A307C5EBD40EA
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app.js
View File

@ -27,6 +27,21 @@ if (process.env.NODE_ENV === 'production') {
} }
app.use(helmet()); app.use(helmet());
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'", "''unsafe-eval'", "https://hcaptcha.com", "https://*.hcaptcha.com", "https://cdn.ravenjs.com/"],
imgSrc: ["'self'", "https://blog.pastel.codes", "https://static.ghost.org", "https://secure.gravatar.com"],
styleSrc: ["'self'", "'unsafe-inline'", "https://hcaptcha.com", "https://*.hcaptcha.com"],
fontSrc: ["'self'", "data:"],
frameSrc: ["https://hcaptcha.com", "https://*.hcaptcha.com"],
objectSrc: ["'none'"],
upgradeInsecureRequests: [],
},
})
);
app.use(express.json()); app.use(express.json());
app.use(express.urlencoded({ extended: false })); app.use(express.urlencoded({ extended: false }));
app.use(cookieParser()); app.use(cookieParser());