
Merge pull request #347 from opengovsg/dependabot/npm_and_yarn/helmet…
…-4.0.0

build(deps): bump helmet from 3.23.3 to 4.0.0
LoneRifle committed Aug 7, 2020
2 parents 956c9ea + 5953f95 commit b84616d
Showing 3 changed files with 27 additions and 141 deletions.
112 changes: 3 additions & 109 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -52,7 +52,7 @@
"express-session": "^1.17.1",
"file-saver": "^2.0.2",
"file-type": "^14.7.0",
"helmet": "^3.23.3",
"helmet": "^4.0.0",
"history": "^4.10.1",
"i18next": "^19.6.3",
"inversify": "^5.0.1",
54 changes: 23 additions & 31 deletions src/server/index.ts
Expand Up @@ -78,39 +78,31 @@ if (sentryDns) {
}

const app = express()
app.use(helmet())
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
styleSrc: [
"'self'",
"'unsafe-inline'",
'fonts.googleapis.com',
'cdn.jsdelivr.net/npm/sgds-govtech@1.3.13/',
],
fontSrc: [
"'self'",
'fonts.gstatic.com',
'cdn.jsdelivr.net/npm/sgds-govtech@1.3.13/',
],
imgSrc: [
"'self'",
'data:',
'www.google-analytics.com',
'www.googletagmanager.com',
],
scriptSrc: [
"'self'",
'www.google-analytics.com',
'www.googletagmanager.com',
],
connectSrc,
frameAncestors: ["'self'"],
...(cspReportUri ? { reportUri: cspReportUri } : {}),
upgradeInsecureRequests: true,
helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'", 'fonts.googleapis.com'],
fontSrc: ["'self'", 'fonts.gstatic.com'],
imgSrc: [
"'self'",
'data:',
'www.google-analytics.com',
'www.googletagmanager.com',
],
scriptSrc: [
"'self'",
'www.google-analytics.com',
'www.googletagmanager.com',
],
connectSrc,
frameAncestors: ["'self'"],
...(cspReportUri ? { reportUri: cspReportUri } : {}),
upgradeInsecureRequests: [],
},
reportOnly: cspOnlyReportViolations,
},
reportOnly: cspOnlyReportViolations,
}),
)

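Review bot: The rewritten styleSrc and fontSrc lists on the new side (`styleSrc: ["'self'", "'unsafe-inline'", 'fonts.googleapis.com'],` and `fontSrc: ["'self'", 'fonts.gstatic.com'],`) drop the `cdn.jsdelivr.net/npm/sgds-govtech@1.3.13/` source that both old lists allowed, and nothing else in this commit shows the SGDS stylesheet and fonts being moved off that CDN. If they are still fetched from there, browsers will refuse them once the policy is enforced, while with cspOnlyReportViolations set the breakage surfaces only as report-uri violations and is easy to miss in review. Either restore the entry on both lines, e.g. `fontSrc: ["'self'", 'fonts.gstatic.com', 'cdn.jsdelivr.net/npm/sgds-govtech@1.3.13/'],`, or state in the commit message why a dependency bump removes it. Separately, the directive set has no baseUri or formAction entry; neither directive falls back to default-src, so `baseUri: ["'self'"],` (and formAction, if no form posts cross-origin) would close that gap without otherwise touching the bump.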
