From 87dcf162dcb0e16df6500e30172cc87e4aeff0ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20=C5=A0ev=C4=8D=C3=ADk?=
Date: Thu, 17 Jun 2021 14:28:25 +0200
Subject: [PATCH] Update helmet content security policy

---
 lib/http-server/http-server.js | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/http-server/http-server.js b/lib/http-server/http-server.js
index 6aef1dc..82b00aa 100644
--- a/lib/http-server/http-server.js
+++ b/lib/http-server/http-server.js
@@ -207,9 +207,15 @@ class HttpServer {
 HttpServer.HELMET_POLICY = {
 'contentSecurityPolicy' : {
 'directives': {
- 'defaultSrc': ['"self"'],
- 'styleSrc' : ['"self"', '"unsafe-inline"'],
- 'img-src' : ['"self" data:']
+ 'default-src': ["'self'", "data:"],
+ 'base-uri': ["'self'"],
+ 'font-src': ["'self'", "https:", "data:"],
+ 'frame-ancestors': ["'self'"],
+ 'img-src': ["'self'", "data:"],
+ 'object-src': ["'none'"],
+ 'script-src': ["'self'", "'unsafe-inline'"],
+ 'style-src': ["'self'", "https:", "'unsafe-inline'"],
+ 'media-src': ["'self'", 'data:'],
 },
 'browserSniff': false,
 'disableAndroid': true
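Review bot: The new `'script-src': ["'self'", "'unsafe-inline'"]` line gives up most of what a CSP buys against script injection, because any inline script that ends up in a served page is allowed to run; the usual fix is to drop `'unsafe-inline'` from script-src and allow inline scripts only by per-response nonce or by hash, e.g. `'script-src': ["'self'", (req, res) => \`'nonce-${res.locals.cspNonce}'\`]` with the nonce generated per request, keeping `'unsafe-inline'` for style-src only if the app really needs it. The `"data:"` entry in default-src is also broader than it looks, since it becomes the fallback for every fetch directive the policy does not name (connect-src, frame-src, worker-src, manifest-src); listing `data:` only under img-src, font-src and media-src, as the hunk already does, is enough. The surviving `'browserSniff': false` and `'disableAndroid': true` keys look like helmet-csp v2 options and are not recognized by helmet 4's contentSecurityPolicy, and helmet 4 merges its own defaults unless `useDefaults: false` is passed, so it is worth confirming which helmet version this targets and adding a comment naming it above `HttpServer.HELMET_POLICY`. A small style point: `'media-src': ["'self'", 'data:']` mixes quote styles with the sibling lines that write `"data:"`. The HELMET_POLICY object literal is closed outside the hunk.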