app.js: Remove default options.

jsdelivr · Mar 10, 2019 · dcc6743 · dcc6743
1 parent 1c3cbcf
commit dcc6743
Showing 1 changed file with 1 addition and 16 deletions.
diff --git a/app.js b/app.js
@@ -132,29 +132,14 @@ app.use(helmet({
 app.use(helmet.hsts({
     force: true,
     includeSubdomains: true,
-    maxAge: 63072000,   // 2 years
+    maxAge: 63072000, // 2 years
     preload: true
 }));
 
 app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
 
 app.use(helmet.contentSecurityPolicy({
     directives: CSP,
-
-    // This module will detect common mistakes in your directives and throw errors
-    // if it finds any. To disable this, enable "loose mode".
-    loose: false,
-
-    // Set to true if you only want browsers to report errors, not block them
-    reportOnly: false,
-
-    // Set to true if you want to blindly set all headers: Content-Security-Policy,
-    // X-WebKit-CSP, and X-Content-Security-Policy.
-    setAllHeaders: false,
-
-    // Set to true if you want to disable CSP on Android where it can be buggy.
-    disableAndroid: false,
-
     // Set to false if you want to completely disable any user-agent sniffing.
     // This may make the headers less compatible but it will be much faster.
     // This defaults to `true`.