authorLiterallie2017-10-20 12:31:16 +0200
committerLiterallie2017-10-22 00:03:46 +0200
commit91101c856c3efac53e8a4db4cc537b77370aa7df (patch)
tree5bc25f9d094dc5b3c85248711c37619d3e62abdd /lib
parent5b83deb043296c23ff912a2472703c1f7faddb4b (diff)
Change CSP config format to be more intuitive
Diffstat (limited to 'lib')
-rw-r--r--lib/config/default.js10
-rw-r--r--lib/config/environment.js3
2 files changed, 4 insertions, 9 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index 0b6ca26a..cfde9ae9 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -15,17 +15,9 @@ module.exports = {
},
csp: {
enable: true,
- reportUri: '',
directives: {
- defaultSrc: ["'self'"],
- scriptSrc: ["'self'", "'unsafe-eval'", "vimeo.com", "https://gist.github.com", "www.slideshare.net", "https://query.yahooapis.com", "https://*.disqus.com"],
- imgSrc: ["*"],
- styleSrc: ["'self'", "'unsafe-inline'", "https://assets-cdn.github.com"],
- fontSrc: ["'self'", "https://public.slidesharecdn.com"],
- objectSrc: ["*"],
- childSrc: ["*"],
- connectSrc: ["'self'", "https://links.services.disqus.com", "wss://realtime.services.disqus.com"]
},
+ addDefaults: true,
upgradeInsecureRequests: 'auto'
},
protocolusessl: false,
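Review bot: The new `addDefaults: true` beside an empty `directives: {}` has no comment saying where the default source lists now live or how operator-supplied directives combine with them. The removed block contained permissive entries (`'unsafe-eval'` in scriptSrc, `*` for imgSrc, objectSrc and childSrc), so someone reading this file can no longer see which policy is actually served; the code that builds it is not part of this diff, which is limited to lib. I would add a comment along the lines of `// addDefaults: built-in source lists are added to directives; set to false only when directives holds a complete policy`, worded to match what the consuming code really does. The hunk also drops `reportUri` with no replacement key, so the same comment should say how violation reporting is configured now, if it still is.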
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 40b7e09f..fa9698f6 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -14,6 +14,9 @@ module.exports = {
includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
},
+ csp: {
+ enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)
+ },
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
usecdn: toBooleanConfig(process.env.HMD_USECDN),
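Review bot: `enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)` lets the environment switch the whole policy off, and whether that fails safe depends on how toBooleanConfig handles unset and malformed values, which is defined outside this hunk. If it returns false for anything other than the literal `true`, a typo in the variable would silently disable CSP. The safer contract is that an unset variable yields undefined, so the default `enable: true` applies, and only an explicit `false` disables it. A comment such as `// HMD_CSP_ENABLE: unset keeps the default (on); only an explicit false turns CSP off` would record that once confirmed. The module.exports object begins and ends outside the hunk.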