From 7cfa2398e12c5e515d27c896f36ff91604c2124d Mon Sep 17 00:00:00 2001
From: Allan Bowe
Date: Wed, 11 May 2022 21:37:49 +0000
Subject: [PATCH] fix: csp updates

---
 README.md | 2 +-
 api/csp.config.example.json | 2 +-
 api/src/utils/parseHelmetConfig.ts | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index c1aa053..8caa85c 100644
--- a/README.md
+++ b/README.md
@@ -119,7 +119,7 @@ HELMET_COEP=
 #
 # Example config:
 # {
-# "img-src": ["'self'", "domain.com"],
+# "img-src": ["'self'", "data:"],
 # "script-src": ["'self'", "'unsafe-inline'"],
 # "script-src-attr": ["'self'", "'unsafe-inline'"]
 # }
diff --git a/api/csp.config.example.json b/api/csp.config.example.json
index 8ca57a5..82599fc 100644
--- a/api/csp.config.example.json
+++ b/api/csp.config.example.json
@@ -1,5 +1,5 @@
 {
- "img-src": ["'self'", "domen.com"],
+ "img-src": ["'self'", "data:"],
 "script-src": ["'self'", "'unsafe-inline'"],
 "script-src-attr": ["'self'", "'unsafe-inline'"]
 }
\ No newline at end of file
diff --git a/api/src/utils/parseHelmetConfig.ts b/api/src/utils/parseHelmetConfig.ts
index 7310431..23e065a 100644
--- a/api/src/utils/parseHelmetConfig.ts
+++ b/api/src/utils/parseHelmetConfig.ts
@@ -5,7 +5,9 @@ export const getEnvCSPDirectives = (
 HELMET_CSP_CONFIG_PATH: string | undefined
 ) => {
 let cspConfigJson = {
- 'script-src': ["'self'", "'unsafe-inline'"]
+ 'img-src': ["'self'", "data:"],
+ 'script-src': ["'self'", "'unsafe-inline'"],
+ 'script-src-attr': ["'self'", "'unsafe-inline'"]
 }
 if (
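Review bot: The example policy in api/csp.config.example.json still has no `default-src` entry, so every directive it does not list (connect-src, style-src, frame-src, object-src, …) is governed only by whatever fallback the loader in parseHelmetConfig.ts applies, which is not visible in this hunk; if the file is passed through as-is, those resource types are unrestricted. Since this file is what operators copy, it is worth adding `"default-src": ["'self'"]` as the first entry so the `data:` relaxation on `img-src` reads as a deliberate exception rather than the only constraint. The same applies to the matching example in README.md and to the hard-coded `cspConfigJson` fallback in the third hunk, whose body continues past the end of this patch excerpt.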