sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2026-01-15 09:50:06 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #167 from sasjs/cspconfig

Browse Source 
fix: csp updates
This commit is contained in:
Allan Bowe
2022-05-12 10:53:21 +03:00
committed by GitHub
parent 45a2a01532 dd2a403985
commit 97d9bc191c
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -119,7 +119,7 @@ HELMET_COEP=
# #
# Example config: # Example config:
# { # {
# "img-src": ["'self'", "domain.com"], # "img-src": ["'self'", "data:"],
# "script-src": ["'self'", "'unsafe-inline'"], # "script-src": ["'self'", "'unsafe-inline'"],
# "script-src-attr": ["'self'", "'unsafe-inline'"] # "script-src-attr": ["'self'", "'unsafe-inline'"]
# } # }

2
api/csp.config.example.json
View File

@@ -1,5 +1,5 @@
{ {
"img-src": ["'self'", "domen.com"], "img-src": ["'self'", "data:"],
"script-src": ["'self'", "'unsafe-inline'"], "script-src": ["'self'", "'unsafe-inline'"],
"script-src-attr": ["'self'", "'unsafe-inline'"] "script-src-attr": ["'self'", "'unsafe-inline'"]
} }

4
api/src/utils/parseHelmetConfig.ts
View File

@@ -5,7 +5,9 @@ export const getEnvCSPDirectives = (
HELMET_CSP_CONFIG_PATH: string | undefined HELMET_CSP_CONFIG_PATH: string | undefined
) => { ) => {
let cspConfigJson = { let cspConfigJson = {
'script-src': ["'self'", "'unsafe-inline'"] 'img-src': ["'self'", 'data:'],
'script-src': ["'self'", "'unsafe-inline'"],
'script-src-attr': ["'self'", "'unsafe-inline'"]
} }
if ( if (