Explicitly add google font servers to whitelist

2015-06-16 09:33:34 -04:00
parent a621ff3190
commit 7f311a1e03
1 changed files with 4 additions and 2 deletions
--- a/server/server.js
+++ b/server/server.js
@ -149,13 +149,15 @@ app.use(helmet.csp({
    /* allow all input since we have user submitted images for public profile*/
    '*'
  ].concat(trusted),
-  fontSrc: ['*.googleapis.com'].concat(trusted),
+  fontSrc: [
    '*.googleapis.com',
    '*.gstatic.com'
  ].concat(trusted),
  mediaSrc: [
    '*.amazonaws.com',
    '*.twitter.com'
  ].concat(trusted),
  frameSrc: [
    '*.gitter.im',
    '*.gitter.im https:',
    '*.vimeo.com',