From 16600975446fa8bccc605fa295d184bf953102ee Mon Sep 17 00:00:00 2001
From: Michael Q Larson
Date: Thu, 1 Jan 2015 00:33:03 -0800
Subject: [PATCH] update helmet csp for facebook images
---
 app.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/app.js b/app.js
index eebe13c3cd5..651a581a570 100644
--- a/app.js
+++ b/app.js
@@ -115,8 +115,6 @@ var trusted = [
 "*.doubleclick.net",
 "*.twitter.com",
 '*.twimg.com',
- "*.githubusercontent.com",
- "*.googleusercontent.com",
 "'unsafe-eval'",
 "'unsafe-inline'",
 "*.rafflecopter.com",
@@ -139,11 +137,14 @@ app.use(helmet.contentSecurityPolicy({
 styleSrc: trusted,
 imgSrc: [
 '*.evernote.com',
+ '*.facebook.com',
 '*.amazonaws.com',
 'data:',
 '*.licdn.com',
 '*.gravatar.com',
- '*.youtube.com'
+ '*.youtube.com',
+ '*.githubusercontent.com',
+ '*.googleusercontent.com',
 ].concat(trusted),
 fontSrc: ['*.googleapis.com'].concat(trusted),
 mediaSrc: [
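Review bot: The two user-content hosts moved into `imgSrc` in the second hunk carry no comment saying why they must stay out of `trusted`, and the commit message mentions only Facebook images, so a later edit could quietly put them back into the shared list. `trusted` is reused for `styleSrc` and `fontSrc` in the visible lines and contains `'unsafe-inline'` and `'unsafe-eval'`, so hosts that serve user-uploaded content are best kept image-only; I would add `// user-content hosts: images only, do not move into trusted` above `'*.githubusercontent.com',`. The new `'*.facebook.com'` entry allows every Facebook subdomain as an image source; if a single host serves the pictures, list that host instead of the wildcard. The `helmet.contentSecurityPolicy({` call starts before this hunk and continues past `mediaSrc: [`, so the other directives built from `trusted` are not visible here.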