sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2025-12-10 11:24:35 +00:00
Code Issues Projects Releases Wiki Activity

fix: csp updates

Browse Source
This commit is contained in:
Allan Bowe
2022-05-11 21:37:49 +00:00
parent 45a2a01532
commit 7cfa2398e1
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -119,7 +119,7 @@ HELMET_COEP=
#
# Example config:
# {
# "img-src": ["'self'", "domain.com"],
# "img-src": ["'self'", "data:"],
# "script-src": ["'self'", "'unsafe-inline'"],
# "script-src-attr": ["'self'", "'unsafe-inline'"]
# }

2
api/csp.config.example.json
View File

@@ -1,5 +1,5 @@
{
"img-src": ["'self'", "domen.com"],
"img-src": ["'self'", "data:"],
"script-src": ["'self'", "'unsafe-inline'"],
"script-src-attr": ["'self'", "'unsafe-inline'"]
}

4
api/src/utils/parseHelmetConfig.ts
View File

@@ -5,7 +5,9 @@ export const getEnvCSPDirectives = (
HELMET_CSP_CONFIG_PATH: string | undefined
) => {
let cspConfigJson = {
'script-src': ["'self'", "'unsafe-inline'"]
'img-src': ["'self'", "data:"],
'script-src': ["'self'", "'unsafe-inline'"],
'script-src-attr': ["'self'", "'unsafe-inline'"]
}
if (