Added Helmet CSP

This commit is contained in:
Esther 2021-01-03 23:28:30 +00:00
parent c0d86e2e19
commit 3f5441314b
No known key found for this signature in database
GPG Key ID: 162A307C5EBD40EA

15
app.js
View File

@ -27,6 +27,21 @@ if (process.env.NODE_ENV === 'production') {
}
app.use(helmet());
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'", "''unsafe-eval'", "https://hcaptcha.com", "https://*.hcaptcha.com", "https://cdn.ravenjs.com/"],
imgSrc: ["'self'", "https://blog.pastel.codes", "https://static.ghost.org", "https://secure.gravatar.com"],
styleSrc: ["'self'", "'unsafe-inline'", "https://hcaptcha.com", "https://*.hcaptcha.com"],
fontSrc: ["'self'", "data:"],
frameSrc: ["https://hcaptcha.com", "https://*.hcaptcha.com"],
objectSrc: ["'none'"],
upgradeInsecureRequests: [],
},
})
);
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());