fix(csp): turn useDefaults off in CSP
This commit turns the cross-site protection `useDefaults` directive to
`false`.  It was flipped to being true and wreaks havoc with our app.
jniles committed Jan 4, 2022
1 parent 151638a commit d342baa
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions server/config/express.js
Expand Up @@ -43,6 +43,7 @@ exports.configure = function configure(app) {
// helmet guards
app.use(helmet({
contentSecurityPolicy : {
useDefaults : false,
directives : {
defaultSrc : ['\'self\'', '\'unsafe-inline\'', 'blob:'],
fontSrc : ['\'self\'', 'https://fonts.gstatic.com'],
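Review bot: the added `useDefaults : false` line carries no comment saying which default directive broke the app, and it drops all of Helmet's merged-in defaults rather than only the one that caused the problem. With defaults off, only the directives listed in this block are sent, and `base-uri`, `form-action` and `frame-ancestors` do not fall back to `defaultSrc`, so unless they are set further down (not visible in this hunk) they become unrestricted. Suggest adding a short comment above the new line naming the failing directive, and either keeping `useDefaults` on while overriding just that directive, or explicitly listing `baseUri`, `formAction`, `frameAncestors` and `objectSrc` here. The existing `'unsafe-inline'` in `defaultSrc` also now governs scripts directly, since no separate `scriptSrc` default is merged in, which is worth confirming is intended.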
