CSP: Upgrade insecure requests if possible

Config option; default is to only upgrade if usessl
author: Literallie 2017-10-18 17:45:57 +0200
committer: Literallie 2017-10-22 00:03:45 +0200
commit: 5d2d3ec875310de07fe79ae605dfbc0f1df585c5 (patch)
tree: 3d2c64e575d76a6ad4e6be54f1f5a21009f7d926 /lib
parent: ba183ce6543f102ae635502a0da0ac7c923cc97a (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index e207dfc6..217d11d0 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -20,8 +20,9 @@ module.exports = {
       defaultSrc: ["'self'"],
       scriptSrc: ["'self'"],
       styleSrc: ["'self'", "'unsafe-inline'"],
-      fontSrc: ["'self'"]
-    }
+      fontSrc: ["'self'"],
+    },
+    upgradeInsecureRequests: 'auto'
   },
   protocolusessl: false,
   usecdn: true,
author	Literallie	2017-10-18 17:45:57 +0200
committer	Literallie	2017-10-22 00:03:45 +0200
commit	5d2d3ec875310de07fe79ae605dfbc0f1df585c5 (patch)
tree	3d2c64e575d76a6ad4e6be54f1f5a21009f7d926 /lib
parent	ba183ce6543f102ae635502a0da0ac7c923cc97a (diff)