Update helmet js and use newer middleware, update reference to freecodecamp in trusted group
11
app.js
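--- a/app.js
+++ b/app.js
@@ -21,6 +21,8 @@ var express = require('express'),
 methodOverride = require('method-override'),
 bodyParser = require('body-parser'),
 helmet = require('helmet'),
+frameguard = require('frameguard'),
+csp = require('helmet-csp'),
 MongoStore = require('connect-mongo')(session),
 flash = require('express-flash'),
 path = require('path'),
@@ -114,7 +116,7 @@ app.disable('x-powered-by');
 
 app.use(helmet.xssFilter());
 app.use(helmet.noSniff());
-app.use(helmet.xframe());
+app.use(helmet.frameguard());
 app.use(function(req, res, next) {
 res.header('Access-Control-Allow-Origin', '*');
 res.header('Access-Control-Allow-Headers',
@@ -127,6 +129,9 @@ var trusted = [
 "'self'",
 'blob:',
 '*.freecodecamp.com',
+'http://www.freecodecamp.com',
+'ws://freecodecamp.com/',
+'ws://www.freecodecamp.com/',
 '*.gstatic.com',
 '*.google-analytics.com',
 '*.googleapis.com',
@@ -158,7 +163,7 @@ var trusted = [
 'http://hn.inspectlet.com/'
 ];
 
-app.use(helmet.contentSecurityPolicy({
+app.use(helmet.csp({
 defaultSrc: trusted,
 scriptSrc: [
 '*.optimizely.com',
@@ -166,7 +171,6 @@ app.use(helmet.contentSecurityPolicy({
 '*.d3js.org'
 ].concat(trusted),
 'connect-src': [
-'ws://www.freecodecamp.com'
 ].concat(trusted),
 styleSrc: trusted,
 imgSrc: [
@@ -179,6 +183,7 @@ app.use(helmet.contentSecurityPolicy({
 '*.twitter.com'
 ].concat(trusted),
 frameSrc: [
+
 '*.gitter.im',
 '*.gitter.im https:',
 '*.vimeo.com',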
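Review bot: The plaintext `'http://www.freecodecamp.com'`, `'ws://freecodecamp.com/'` and `'ws://www.freecodecamp.com/'` entries added to `trusted` in the `@@ -127,6 +129,9 @@` hunk do more than replace the websocket entry removed from `'connect-src'` below — `trusted` is also spread into `defaultSrc`, `scriptSrc`, `styleSrc`, `imgSrc` and `frameSrc` via `.concat(trusted)`, so every directive now admits those plaintext origins, including as script and style sources. Keep the socket origins in the one directive that needs them, e.g. `'connect-src': ['ws://freecodecamp.com/', 'ws://www.freecodecamp.com/'].concat(trusted),`, and if the site is served over TLS (not visible here) use `wss://` so browsers do not block them as mixed content. The `frameguard` and `csp` modules required in the first hunk are not referenced by any visible line — the middleware is invoked as `helmet.frameguard()` and `helmet.csp()` — so they appear to be dead requires and dependencies unless used elsewhere in app.js. The option keys also mix camelCase (`defaultSrc`) with dashed (`'connect-src'`); worth confirming that helmet-csp 0.2 accepts both spellings, since an unrecognised key would silently drop that directive.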
|
@ -36,9 +36,11 @@
|
|||||||
"font-awesome": "~4.3.0",
|
"font-awesome": "~4.3.0",
|
||||||
"forcedomain": "~0.4.0",
|
"forcedomain": "~0.4.0",
|
||||||
"forever": "~0.14.1",
|
"forever": "~0.14.1",
|
||||||
|
"frameguard": "^0.2.2",
|
||||||
"github-api": "~0.7.0",
|
"github-api": "~0.7.0",
|
||||||
"gulp-minify-css": "~0.5.1",
|
"gulp-minify-css": "~0.5.1",
|
||||||
"helmet": "~0.5.3",
|
"helmet": "~0.9.0",
|
||||||
|
"helmet-csp": "^0.2.3",
|
||||||
"jade": "~1.8.0",
|
"jade": "~1.8.0",
|
||||||
"less": "~1.7.5",
|
"less": "~1.7.5",
|
||||||
"less-middleware": "~2.0.1",
|
"less-middleware": "~2.0.1",
|
||||||
|