whitelist freecodecamp specifically in script src for helmet
This commit is contained in:
terakilobyte
4
app.js
4
app.js
@ -126,6 +126,7 @@ app.use(function(req, res, next) {
|
|||||||
var trusted = [
|
var trusted = [
|
||||||
"'self'",
|
"'self'",
|
||||||
'*.freecodecamp.com',
|
'*.freecodecamp.com',
|
||||||
|
'http://www.freecodecamp.com/*',
|
||||||
'*.gstatic.com',
|
'*.gstatic.com',
|
||||||
'*.google-analytics.com',
|
'*.google-analytics.com',
|
||||||
'*.googleapis.com',
|
'*.googleapis.com',
|
||||||
@ -167,7 +168,8 @@ app.use(helmet.contentSecurityPolicy({
|
|||||||
scriptSrc: [
|
scriptSrc: [
|
||||||
'*.optimizely.com',
|
'*.optimizely.com',
|
||||||
'*.aspnetcdn.com',
|
'*.aspnetcdn.com',
|
||||||
'*.d3js.org'
|
'*.d3js.org',
|
||||||
|
'*.freecodecamp.com'
|
||||||
].concat(trusted),
|
].concat(trusted),
|
||||||
'connect-src': [
|
'connect-src': [
|
||||||
'ws://*.rafflecopter.com',
|
'ws://*.rafflecopter.com',
|
||||||
|
|||||||
Reference in New Issue
Block a user