Pavel Ševčík
4 years ago
No known key found for this signature in database
GPG Key ID: D3B8A90B4072D9DB
1 changed files with
9 additions and
3 deletions
-
lib/http-server/http-server.js
|
|
|
@ -207,9 +207,15 @@ class HttpServer { |
|
|
|
HttpServer.HELMET_POLICY = { |
|
|
|
'contentSecurityPolicy' : { |
|
|
|
'directives': { |
|
|
|
'defaultSrc': ['"self"'], |
|
|
|
'styleSrc' : ['"self"', '"unsafe-inline"'], |
|
|
|
'img-src' : ['"self" data:'] |
|
|
|
'default-src': ["'self'", "data:"], |
|
|
|
'base-uri': ["'self'"], |
|
|
|
'font-src': ["'self'", "https:", "data:"], |
|
|
|
'frame-ancestors': ["'self'"], |
|
|
|
'img-src': ["'self'", "data:"], |
|
|
|
'object-src': ["'none'"], |
|
|
|
'script-src': ["'self'", "'unsafe-inline'"], |
|
|
|
'style-src': ["'self'", "https:", "'unsafe-inline'"], |
|
|
|
'media-src': ["'self'", 'data:'], |
|
|
|
}, |
|
|
|
'browserSniff': false, |
|
|
|
'disableAndroid': true |
|
|
|
|
