parent
49987c57e8
commit
4e345e0d12
|
@ -79,8 +79,8 @@
|
||||||
"gulp-uglify": "^1.5.1",
|
"gulp-uglify": "^1.5.1",
|
||||||
"gulp-util": "^3.0.6",
|
"gulp-util": "^3.0.6",
|
||||||
"gulp-webpack": "^1.5.0",
|
"gulp-webpack": "^1.5.0",
|
||||||
"helmet": "~0.15.0",
|
"helmet": "^1.1.0",
|
||||||
"helmet-csp": "~0.3.0",
|
"helmet-csp": "^1.0.3",
|
||||||
"history": "^1.17.0",
|
"history": "^1.17.0",
|
||||||
"jade": "^1.11.0",
|
"jade": "^1.11.0",
|
||||||
"json-loader": "~0.5.2",
|
"json-loader": "~0.5.2",
|
||||||
|
|
|
@ -10,62 +10,64 @@ if (process.env.NODE_ENV !== 'production') {
|
||||||
|
|
||||||
export default function csp() {
|
export default function csp() {
|
||||||
return helmet.csp({
|
return helmet.csp({
|
||||||
defaultSrc: trusted,
|
directives: {
|
||||||
scriptSrc: [
|
defaultSrc: trusted,
|
||||||
"'unsafe-eval'",
|
scriptSrc: [
|
||||||
"'unsafe-inline'",
|
"'unsafe-eval'",
|
||||||
'*.google-analytics.com',
|
"'unsafe-inline'",
|
||||||
'*.gstatic.com',
|
'*.google-analytics.com',
|
||||||
'https://*.cloudflare.com',
|
'*.gstatic.com',
|
||||||
'*.cloudflare.com',
|
'https://*.cloudflare.com',
|
||||||
'https://*.gitter.im',
|
'*.cloudflare.com',
|
||||||
'https://*.cdnjs.com',
|
'https://*.gitter.im',
|
||||||
'*.cdnjs.com',
|
'https://*.cdnjs.com',
|
||||||
'https://*.jsdelivr.com',
|
'*.cdnjs.com',
|
||||||
'*.jsdelivr.com',
|
'https://*.jsdelivr.com',
|
||||||
'*.twimg.com',
|
'*.jsdelivr.com',
|
||||||
'https://*.twimg.com',
|
'*.twimg.com',
|
||||||
'vimeo.com'
|
'https://*.twimg.com',
|
||||||
].concat(trusted),
|
'vimeo.com'
|
||||||
connectSrc: [
|
].concat(trusted),
|
||||||
'vimeo.com'
|
connectSrc: [
|
||||||
].concat(trusted),
|
'vimeo.com'
|
||||||
styleSrc: [
|
].concat(trusted),
|
||||||
"'unsafe-inline'",
|
styleSrc: [
|
||||||
'*.gstatic.com',
|
"'unsafe-inline'",
|
||||||
'*.googleapis.com',
|
'*.gstatic.com',
|
||||||
'*.bootstrapcdn.com',
|
'*.googleapis.com',
|
||||||
'https://*.bootstrapcdn.com',
|
'*.bootstrapcdn.com',
|
||||||
'*.cloudflare.com',
|
'https://*.bootstrapcdn.com',
|
||||||
'https://*.cloudflare.com'
|
'*.cloudflare.com',
|
||||||
].concat(trusted),
|
'https://*.cloudflare.com'
|
||||||
fontSrc: [
|
].concat(trusted),
|
||||||
'*.cloudflare.com',
|
fontSrc: [
|
||||||
'https://*.cloudflare.com',
|
'*.cloudflare.com',
|
||||||
'*.bootstrapcdn.com',
|
'https://*.cloudflare.com',
|
||||||
'*.googleapis.com',
|
'*.bootstrapcdn.com',
|
||||||
'*.gstatic.com',
|
'*.googleapis.com',
|
||||||
'https://*.bootstrapcdn.com'
|
'*.gstatic.com',
|
||||||
].concat(trusted),
|
'https://*.bootstrapcdn.com'
|
||||||
imgSrc: [
|
].concat(trusted),
|
||||||
// allow all input since we have user submitted images for
|
imgSrc: [
|
||||||
// public profile
|
// allow all input since we have user submitted images for
|
||||||
'*',
|
// public profile
|
||||||
'data:'
|
'*',
|
||||||
],
|
'data:'
|
||||||
mediaSrc: [
|
],
|
||||||
'*.bitly.com',
|
mediaSrc: [
|
||||||
'*.amazonaws.com',
|
'*.bitly.com',
|
||||||
'*.twitter.com'
|
'*.amazonaws.com',
|
||||||
].concat(trusted),
|
'*.twitter.com'
|
||||||
frameSrc: [
|
].concat(trusted),
|
||||||
'*.gitter.im',
|
frameSrc: [
|
||||||
'*.gitter.im https:',
|
'*.gitter.im',
|
||||||
'*.vimeo.com',
|
'*.gitter.im https:',
|
||||||
'*.twitter.com',
|
'*.vimeo.com',
|
||||||
'*.ghbtns.com',
|
'*.twitter.com',
|
||||||
'*.freecatphotoapp.com'
|
'*.ghbtns.com',
|
||||||
].concat(trusted),
|
'*.freecatphotoapp.com'
|
||||||
|
].concat(trusted)
|
||||||
|
},
|
||||||
// set to true if you only want to report errors
|
// set to true if you only want to report errors
|
||||||
reportOnly: false,
|
reportOnly: false,
|
||||||
// set to true if you want to set all headers
|
// set to true if you want to set all headers
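Review bot: The frameSrc entry `'*.gitter.im https:'` is one array element that contains a space; if helmet-csp emits it verbatim into the header (which it presumably does), the browser parses it as two source expressions, `*.gitter.im` and the scheme-source `https:`, so framing is allowed from any https origin rather than only the hosts listed, and `*.gitter.im` is already present on the line directly above. If only Gitter needs to be framed, drop that element; if any-https framing is genuinely required, list `'https:'` as its own element so the breadth of the allow-list is visible at a glance. The `'unsafe-inline'` and `'unsafe-eval'` entries in scriptSrc are carried over unchanged and leave script-src with little XSS protection, so the move to the `directives` shape would be a good place to add `// TODO: document why 'unsafe-inline' and 'unsafe-eval' are still required in scriptSrc` so they get revisited. The remaining options and the closing `});` of `csp()` lie outside the hunk.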
|
||||||
|
|