Merge branch 'greenkeeper-helmet-1.1.0' into staging

package.json

@@ -79,8 +79,8 @@
     "gulp-uglify": "^1.5.1",
     "gulp-util": "^3.0.6",
     "gulp-webpack": "^1.5.0",
-    "helmet": "~1.1.0",
-    "helmet-csp": "~0.3.0",
+    "helmet": "^1.1.0",
+    "helmet-csp": "^1.0.3",
     "history": "^1.17.0",
     "jade": "^1.11.0",
     "json-loader": "~0.5.2",

server/middlewares/csp.js

@@ -10,6 +10,7 @@ if (process.env.NODE_ENV !== 'production') {
 
 export default function csp() {
   return helmet.csp({
+    directives: {
       defaultSrc: trusted,
       scriptSrc: [
         "'unsafe-eval'",
@@ -65,7 +66,8 @@ export default function csp() {
         '*.twitter.com',
         '*.ghbtns.com',
         '*.freecatphotoapp.com'
-    ].concat(trusted),
+      ].concat(trusted)
+    },
     // set to true if you only want to report errors
     reportOnly: false,
     // set to true if you want to set all headers