allow inline styles. fixes #644

This commit is contained in:
Danny Coates 2017-11-15 10:54:13 -08:00
parent 490a1e88eb
commit b54f4575ee
No known key found for this signature in database
GPG Key ID: 4C442633C62E00CB
1 changed files with 20 additions and 22 deletions

View File

@ -42,28 +42,26 @@ module.exports = function(app) {
force: !IS_DEV force: !IS_DEV
}) })
); );
if (!IS_DEV) { app.use(
app.use( helmet.contentSecurityPolicy({
helmet.contentSecurityPolicy({ directives: {
directives: { defaultSrc: ["'self'"],
defaultSrc: ["'self'"], connectSrc: [
connectSrc: [ "'self'",
"'self'", 'https://sentry.prod.mozaws.net',
'https://sentry.prod.mozaws.net', 'https://www.google-analytics.com'
'https://www.google-analytics.com' ],
], imgSrc: ["'self'", 'https://www.google-analytics.com'],
imgSrc: ["'self'", 'https://www.google-analytics.com'], scriptSrc: ["'self'"],
scriptSrc: ["'self'"], styleSrc: ["'self'", "'unsafe-inline'", 'https://code.cdn.mozilla.net'],
styleSrc: ["'self'", 'https://code.cdn.mozilla.net'], fontSrc: ["'self'", 'https://code.cdn.mozilla.net'],
fontSrc: ["'self'", 'https://code.cdn.mozilla.net'], formAction: ["'none'"],
formAction: ["'none'"], frameAncestors: ["'none'"],
frameAncestors: ["'none'"], objectSrc: ["'none'"],
objectSrc: ["'none'"], reportUri: '/__cspreport__'
reportUri: '/__cspreport__' }
} })
}) );
);
}
app.use( app.use(
busboy({ busboy({
limits: { limits: {