sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2025-12-10 11:24:35 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #167 from sasjs/cspconfig

Browse Source 
fix: csp updates
This commit is contained in:
Allan Bowe
2022-05-12 10:53:21 +03:00
committed by GitHub
parent 45a2a01532 dd2a403985
commit 97d9bc191c
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -119,7 +119,7 @@ HELMET_COEP=
#
# Example config:
# {
# "img-src": ["'self'", "domain.com"],
# "img-src": ["'self'", "data:"],
# "script-src": ["'self'", "'unsafe-inline'"],
# "script-src-attr": ["'self'", "'unsafe-inline'"]
# }

2
api/csp.config.example.json
View File

@@ -1,5 +1,5 @@
{
"img-src": ["'self'", "domen.com"],
"img-src": ["'self'", "data:"],
"script-src": ["'self'", "'unsafe-inline'"],
"script-src-attr": ["'self'", "'unsafe-inline'"]
}

4
api/src/utils/parseHelmetConfig.ts
View File

@@ -5,7 +5,9 @@ export const getEnvCSPDirectives = (
HELMET_CSP_CONFIG_PATH: string | undefined
) => {
let cspConfigJson = {
'script-src': ["'self'", "'unsafe-inline'"]
'img-src': ["'self'", 'data:'],
'script-src': ["'self'", "'unsafe-inline'"],
'script-src-attr': ["'self'", "'unsafe-inline'"]
}
if (