mirror of
https://github.com/moparisthebest/mail
synced 2024-12-26 01:08:50 -05:00
fixed csp for each browser and enabled gzip compression
This commit is contained in:
parent
b2a8f2926f
commit
75242953a4
10
server.js
10
server.js
@ -9,6 +9,8 @@ app = express();
|
||||
|
||||
// Server setup
|
||||
app.configure(function() {
|
||||
app.use(express.compress());
|
||||
|
||||
if (dev) {
|
||||
// serve test files in development mode
|
||||
console.log(' > Starting in development mode ...');
|
||||
@ -17,10 +19,10 @@ app.configure(function() {
|
||||
} else {
|
||||
// activate content security policy for production
|
||||
app.use(function(req, res, next) {
|
||||
var csp = "script-src 'self' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'";
|
||||
res.set('Content-Security-Policy', csp);
|
||||
res.set('X-Content-Security-Policy', csp);
|
||||
res.set('X-WebKit-CSP', csp);
|
||||
res.set('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src *; object-src 'none'; style-src 'self' 'unsafe-inline'");
|
||||
res.set('X-Content-Security-Policy', "default-src *; script-src 'self' 'unsafe-eval'; options eval-script; object-src 'none'; style-src 'self' 'unsafe-inline'");
|
||||
res.set('X-WebKit-CSP', "default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src *; object-src 'none'; style-src 'self' 'unsafe-inline'");
|
||||
|
||||
return next();
|
||||
});
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user