whitelist freecodecamp specifically in script src for helmet

2015-05-06 09:24:27 -04:00
parent adaa3cdece
commit 3919919daf
1 changed files with 3 additions and 1 deletions
--- a/app.js
+++ b/app.js
@ -126,6 +126,7 @@ app.use(function(req, res, next) {
 var trusted = [
  "'self'",
  '*.freecodecamp.com',
+  'http://www.freecodecamp.com/*',
  '*.gstatic.com',
  '*.google-analytics.com',
  '*.googleapis.com',
@ -167,7 +168,8 @@ app.use(helmet.contentSecurityPolicy({
    scriptSrc: [
        '*.optimizely.com',
        '*.aspnetcdn.com',
-        '*.d3js.org'
+        '*.d3js.org',
+        '*.freecodecamp.com'
    ].concat(trusted),
    'connect-src': [
        'ws://*.rafflecopter.com',