summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDavid Mehren2021-05-04 11:10:53 +0200
committerDavid Mehren2021-05-04 11:10:53 +0200
commit0b61f48129e666eed4c34dbbf759ab0013153022 (patch)
tree0f79d601e058c9b5d4384aa3726e90aff198b7ce /lib
parente6d4ac5f9a50b28b9d6e456d7fc343194ab1cbee (diff)
Fix upgradeInsecureRequests CSP directive
The `upgradeInsecureRequests` option of Helmets CSP middleware was a boolean in Helmet 3, but with Helmet 4, everything changed to lists. This commit adjusts the addUpgradeUnsafeRequestsOptionTo function accordingly. Closes #1221 See also https://github.com/helmetjs/helmet/tree/v4.6.0/middlewares/content-security-policy Signed-off-by: David Mehren <git@herrmehren.de>
Diffstat (limited to 'lib')
-rw-r--r--lib/csp.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 108f2a22..08efdd79 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -85,9 +85,9 @@ function getCspNonce (req, res) {
function addUpgradeUnsafeRequestsOptionTo (directives) {
if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
- directives.upgradeInsecureRequests = true
+ directives.upgradeInsecureRequests = []
} else if (config.csp.upgradeInsecureRequests === true) {
- directives.upgradeInsecureRequests = true
+ directives.upgradeInsecureRequests = []
}
}