gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(csp): Update policy for FA and remove optimizely

Browse Source
This commit is contained in:
Mrugesh Mohapatra
2018-06-28 21:01:29 +05:30
committed by Stuart Taylor
parent 06b648b402
commit 38ad6eb878
1 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/middlewares/csp.js
View File

@ -23,8 +23,7 @@ export default function csp() {
directives: { directives: {
defaultSrc: trusted.concat([ defaultSrc: trusted.concat([
'https://*.cloudflare.com', 'https://*.cloudflare.com',
'*.cloudflare.com', '*.cloudflare.com'
'https://*.optimizely.com'
]), ]),
connectSrc: trusted.concat([ connectSrc: trusted.concat([
'https://glitch.com', 'https://glitch.com',
@ -47,8 +46,7 @@ export default function csp() {
'*.twimg.com', '*.twimg.com',
'https://*.twimg.com', 'https://*.twimg.com',
'*.youtube.com', '*.youtube.com',
'*.ytimg.com', '*.ytimg.com'
'https://*.optimizely.com'
].concat(trusted), ].concat(trusted),
styleSrc: [ styleSrc: [
"'unsafe-inline'", "'unsafe-inline'",
@ -58,7 +56,6 @@ export default function csp() {
'https://*.bootstrapcdn.com', 'https://*.bootstrapcdn.com',
'*.cloudflare.com', '*.cloudflare.com',
'https://*.cloudflare.com', 'https://*.cloudflare.com',
'https://*.optimizely.com',
'https://use.fontawesome.com' 'https://use.fontawesome.com'
].concat(trusted), ].concat(trusted),
fontSrc: [ fontSrc: [
@ -67,8 +64,7 @@ export default function csp() {
'*.bootstrapcdn.com', '*.bootstrapcdn.com',
'*.googleapis.com', '*.googleapis.com',
'*.gstatic.com', '*.gstatic.com',
'https://*.bootstrapcdn.com', 'https://*.bootstrapcdn.com'
'https://*.optimizely.com'
].concat(trusted), ].concat(trusted),
imgSrc: [ imgSrc: [
// allow all input since we have user submitted images for // allow all input since we have user submitted images for