const express = require('express');
const router = express.Router();
const csp = require('helmet-csp');
const functions = require('./functions.js');
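/**
 * POST /csp-report — collection endpoint for browser CSP violation reports.
 *
 * Logs the `csp-report` member of the parsed request body at warn level and
 * answers 204 No Content.
 *
 * The caller is the visitor's browser, so the endpoint is unauthenticated and
 * everything in the body is sender-controlled: treat the logged value as
 * untrusted data when it is viewed or forwarded.
 *
 * NOTE(review): browsers post these reports as `application/csp-report`;
 * confirm that the application's body parser accepts that content type and
 * enforces a size limit. Neither is configured in this file.
 */
router.post('/csp-report', (req, res) => {
  // req.body is undefined when no body parser handled the request. Guard the
  // lookup so an empty or unparsed POST still gets 204 instead of raising a
  // TypeError (and a 500) on a publicly reachable route.
  const report = req.body && req.body['csp-report'];
  functions.logger.warn('CSP header violation', report);
  res.status(204).end();
});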
// Content-Security-Policy directives handed to helmet-csp for every route
// registered on this router after this point.
const cspDirectives = {
  defaultSrc: ["'self'"],
  // NOTE(review): "*" already allows images from any host, so the 'self' and
  // google-analytics entries add nothing here; "data:" is listed separately
  // because the wildcard does not cover that scheme.
  imgSrc: ["'self'", "data:", "*", "https://www.google-analytics.com"],
  fontSrc: ["'self'", "https://fonts.gstatic.com"],
  styleSrc: ["'self'", "https://fonts.googleapis.com"],
  scriptSrc: ["'self'", "https://www.google-analytics.com"],
  objectSrc: ["'none'"],
  connectSrc: ["'self'", "https://www.google-analytics.com"],
  // Violation reports are posted to the /csp-report route on this router.
  reportUri: '/csp-report',
};

// reportOnly: the policy is sent in report-only mode, so violations are
// reported by the browser but nothing is blocked. It gives no protection
// until this flag is turned off.
const cspMiddleware = csp({
  directives: cspDirectives,
  reportOnly: true,
});

router.use(cspMiddleware);

module.exports = router;