Update helmet js and use newer middleware, update reference to freecodecamp in trusted group

terakilobyte
2015-05-06 19:10:03 -04:00
parent f97dc0e35c
commit ab74e7819e
2 changed files with 11 additions and 4 deletions

app.js

@ -21,6 +21,8 @@ var express = require('express'),
methodOverride = require('method-override'), methodOverride = require('method-override'),
bodyParser = require('body-parser'), bodyParser = require('body-parser'),
helmet = require('helmet'), helmet = require('helmet'),
frameguard = require('frameguard'),
csp = require('helmet-csp'),
MongoStore = require('connect-mongo')(session), MongoStore = require('connect-mongo')(session),
flash = require('express-flash'), flash = require('express-flash'),
path = require('path'), path = require('path'),
@ -114,7 +116,7 @@ app.disable('x-powered-by');
app.use(helmet.xssFilter()); app.use(helmet.xssFilter());
app.use(helmet.noSniff()); app.use(helmet.noSniff());
app.use(helmet.xframe()); app.use(helmet.frameguard());
app.use(function(req, res, next) { app.use(function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', res.header('Access-Control-Allow-Headers',
@ -127,6 +129,9 @@ var trusted = [
"'self'", "'self'",
'blob:', 'blob:',
'*.freecodecamp.com', '*.freecodecamp.com',
'http://www.freecodecamp.com',
'ws://freecodecamp.com/',
'ws://www.freecodecamp.com/',
'*.gstatic.com', '*.gstatic.com',
'*.google-analytics.com', '*.google-analytics.com',
'*.googleapis.com', '*.googleapis.com',
@ -158,7 +163,7 @@ var trusted = [
'http://hn.inspectlet.com/' 'http://hn.inspectlet.com/'
]; ];
app.use(helmet.contentSecurityPolicy({ app.use(helmet.csp({
defaultSrc: trusted, defaultSrc: trusted,
scriptSrc: [ scriptSrc: [
'*.optimizely.com', '*.optimizely.com',
@ -166,7 +171,6 @@ app.use(helmet.contentSecurityPolicy({
'*.d3js.org' '*.d3js.org'
].concat(trusted), ].concat(trusted),
'connect-src': [ 'connect-src': [
'ws://www.freecodecamp.com'
].concat(trusted), ].concat(trusted),
styleSrc: trusted, styleSrc: trusted,
imgSrc: [ imgSrc: [
@ -179,6 +183,7 @@ app.use(helmet.contentSecurityPolicy({
'*.twitter.com' '*.twitter.com'
].concat(trusted), ].concat(trusted),
frameSrc: [ frameSrc: [
'*.gitter.im', '*.gitter.im',
'*.gitter.im https:', '*.gitter.im https:',
'*.vimeo.com', '*.vimeo.com',
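Review bot: The entries added to `trusted` in the -127 hunk (`'http://www.freecodecamp.com'`, `'ws://freecodecamp.com/'`, `'ws://www.freecodecamp.com/'`) are scheme-explicit cleartext sources, and because `trusted` is the defaultSrc and is `.concat(trusted)`-ed into every other directive, the policy now permits plain-HTTP loads and unencrypted WebSocket connections site-wide; the existing scheme-less `'*.freecodecamp.com'` already matches www over the page's own scheme, so the http entry adds only the plaintext case. If the site is served over https (not visible here), browsers refuse `ws://` from a secure page as mixed content, so these socket entries are either dead or unencrypted; prefer `'wss://freecodecamp.com/', 'wss://www.freecodecamp.com/'` and drop `'http://www.freecodecamp.com'`. The same move deletes `'ws://www.freecodecamp.com'` from `'connect-src'` in the -166 hunk, so a socket origin now also lands in scriptSrc, styleSrc and imgSrc via the concat; keeping the socket source in `'connect-src'` alone would be the tighter policy. Separately, the `frameguard` and `csp` requires added in the -21 hunk are never referenced, since the code calls `helmet.frameguard()` and `helmet.csp()` from the bundled helmet export, so those two requires and the matching package.json entries look like dead dependencies.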


@ -36,9 +36,11 @@
"font-awesome": "~4.3.0", "font-awesome": "~4.3.0",
"forcedomain": "~0.4.0", "forcedomain": "~0.4.0",
"forever": "~0.14.1", "forever": "~0.14.1",
"frameguard": "^0.2.2",
"github-api": "~0.7.0", "github-api": "~0.7.0",
"gulp-minify-css": "~0.5.1", "gulp-minify-css": "~0.5.1",
"helmet": "~0.5.3", "helmet": "~0.9.0",
"helmet-csp": "^0.2.3",
"jade": "~1.8.0", "jade": "~1.8.0",
"less": "~1.7.5", "less": "~1.7.5",
"less-middleware": "~2.0.1", "less-middleware": "~2.0.1",