Add basic CSP support

author: Literallie 2017-10-18 17:10:23 +0200
committer: Literallie 2017-10-22 00:03:44 +0200
commit: ba183ce6543f102ae635502a0da0ac7c923cc97a (patch)
tree: 494790b1e27b8468c511d8fc4e39ae04413e317f /lib
parent: a23048254ddfb36a2c204c96db042fd0a6012b48 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index f4c45e3d..e207dfc6 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -13,6 +13,16 @@ module.exports = {
     includeSubdomains: true,
     preload: true
   },
+  csp: {
+    enable: true,
+    reportUri: '',
+    directives: {
+      defaultSrc: ["'self'"],
+      scriptSrc: ["'self'"],
+      styleSrc: ["'self'", "'unsafe-inline'"],
+      fontSrc: ["'self'"]
+    }
+  },
   protocolusessl: false,
   usecdn: true,
   allowanonymous: true,
author	Literallie	2017-10-18 17:10:23 +0200
committer	Literallie	2017-10-22 00:03:44 +0200
commit	ba183ce6543f102ae635502a0da0ac7c923cc97a (patch)
tree	494790b1e27b8468c511d8fc4e39ae04413e317f /lib
parent	a23048254ddfb36a2c204c96db042fd0a6012b48 (diff)