tighten csp

This commit is contained in:
Danny Coates 2017-07-24 22:08:43 -07:00
parent 4b8445191b
commit 5a564e2c37
No known key found for this signature in database
GPG Key ID: 4C442633C62E00CB
1 changed files with 5 additions and 6 deletions

View File

@ -45,20 +45,19 @@ app.use(
connectSrc: [ connectSrc: [
"'self'", "'self'",
'https://sentry.prod.mozaws.net', 'https://sentry.prod.mozaws.net',
'https://www.google-analytics.com', 'https://www.google-analytics.com'
'https://ssl.google-analytics.com'
], ],
imgSrc: [ imgSrc: [
"'self'", "'self'",
'https://www.google-analytics.com', 'https://www.google-analytics.com'
'https://ssl.google-analytics.com'
], ],
scriptSrc: ["'self'", 'https://ssl.google-analytics.com'], scriptSrc: ["'self'"],
styleSrc: ["'self'", 'https://code.cdn.mozilla.net'], styleSrc: ["'self'", 'https://code.cdn.mozilla.net'],
fontSrc: ["'self'", 'https://code.cdn.mozilla.net'], fontSrc: ["'self'", 'https://code.cdn.mozilla.net'],
formAction: ["'none'"], formAction: ["'none'"],
frameAncestors: ["'none'"], frameAncestors: ["'none'"],
objectSrc: ["'none'"] objectSrc: ["'none'"],
reportUri: '/__cspreport__'
} }
}) })
); );