author | David Mehren | 2021-05-04 11:10:53 +0200 |
---|---|---|
committer | David Mehren | 2021-05-04 11:10:53 +0200 |
commit | 0b61f48129e666eed4c34dbbf759ab0013153022 (patch) | |
tree | 0f79d601e058c9b5d4384aa3726e90aff198b7ce /lib | |
parent | e6d4ac5f9a50b28b9d6e456d7fc343194ab1cbee (diff) |
Fix upgradeInsecureRequests CSP directive
The `upgradeInsecureRequests` option of Helmet's CSP middleware
was a boolean in Helmet 3, but with Helmet 4,
everything changed to lists.
This commit adjusts the addUpgradeUnsafeRequestsOptionTo
function accordingly.
Closes #1221
See also https://github.com/helmetjs/helmet/tree/v4.6.0/middlewares/content-security-policy
Signed-off-by: David Mehren <git@herrmehren.de>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/csp.js | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -85,9 +85,9 @@ function getCspNonce (req, res) {
 function addUpgradeUnsafeRequestsOptionTo (directives) {
 if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
- directives.upgradeInsecureRequests = true
+ directives.upgradeInsecureRequests = []
 } else if (config.csp.upgradeInsecureRequests === true) {
- directives.upgradeInsecureRequests = true
+ directives.upgradeInsecureRequests = []
 }
 } |
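Review bot: The two added `directives.upgradeInsecureRequests = []` lines carry no comment, and an empty list reads as "directive cleared" to anyone unfamiliar with Helmet 4's convention, so a later cleanup could plausibly revert it to `true` or delete it and silently drop `upgrade-insecure-requests` from the policy. I would add `// Helmet 4 takes directive values as lists; an empty list emits the bare upgrade-insecure-requests directive` above the first assignment. Since both branches now assign the same value, they could also be folded into one condition: `const mode = config.csp.upgradeInsecureRequests` followed by `if (mode === true || (mode === 'auto' && config.useSSL)) directives.upgradeInsecureRequests = []`. The diffstat is limited to lib and shows only lib/csp.js, so it looks as if no test pins the emitted header; a single assertion on the Content-Security-Policy response header would catch the next Helmet API change before it reaches a release.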