save file

javascript-2020 · javascript-2020 · commit b08562ad7b4d · 2025-12-05T15:50:13.000Z
diff --git a/blog/25-12-04/bypass-csp/server/test-server.js b/blog/25-12-04/bypass-csp/server/test-server.js
@@ -53,7 +53,13 @@
                     }
                                   
                     var csp   = `default-src 'self';connect-src 'self';script-src 'self' 'unsafe-inline';`;
-                    res.writeHead(200,{'content-type':'text/html','content-security-policy':csp});
+                    var headers   = {
+                          'content-type'                    : 'text/html',
+                          'content-security-policy'         : csp,
+                          'access-control-allow-origin'     : '*',
+                          'access-control-expose-headers'   : 'content-length, content-encoding, content-disposition etag'
+                    }
+                    res.writeHead(200,headers);
                     res.end(html)
                     
               });
