Updated syntax for helment csp

td/app.js

@@ -19,14 +19,16 @@ app.use(helmet.noSniff());
 app.use(helmet.xssFilter());
 // can't currently use CSP as i would like because various 3rd party libs are using inline style and javascript eval()
 app.use(helmet.csp({
-  defaultSrc: ["'none'"],
-  scriptSrc: ["'self'", "'unsafe-eval'"], //needed for lodash and nools
-  connectSrc: ["'self'"],
-  styleSrc: ["'self'", 'http://fonts.googleapis.com', 'https://fonts.googleapis.com', "'unsafe-inline'"], //needed for jquery
-  imgSrc: ["'self'", 'data:'],
-  fontSrc: ["'self'", 'http://fonts.gstatic.com', 'https://fonts.gstatic.com'],
-  formAction: ["'self'"],
-  reportUri: 'https://report-uri.io/report/owaspthreatdragon'
+    directives: {
+        defaultSrc: ["'none'"],
+        scriptSrc: ["'self'", "'unsafe-eval'"], //needed for lodash and nools
+        connectSrc: ["'self'"],
+        styleSrc: ["'self'", 'http://fonts.googleapis.com', 'https://fonts.googleapis.com', "'unsafe-inline'"], //needed for jquery
+        imgSrc: ["'self'", 'data:'],
+        fontSrc: ["'self'", 'http://fonts.gstatic.com', 'https://fonts.gstatic.com'],
+        formAction: ["'self'"],
+        reportUri: 'https://report-uri.io/report/owaspthreatdragon'
+    }
 }));
 
 //static content