moparisthebest/mail
1
0
Fork 0
mirror of https://github.com/moparisthebest/mail synced 2024-11-29 04:12:18 -05:00
Code Issues Releases Wiki Activity

fixed csp for each browser and enabled gzip compression

Browse Source
This commit is contained in:
Tankred Hase 2013-04-20 14:59:53 +02:00
parent b2a8f2926f
commit 75242953a4
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server.js
View File

@ -9,6 +9,8 @@ app = express();
// Server setup // Server setup
app.configure(function() { app.configure(function() {
app.use(express.compress());
if (dev) { if (dev) {
// serve test files in development mode // serve test files in development mode
console.log(' > Starting in development mode ...'); console.log(' > Starting in development mode ...');
@ -17,10 +19,10 @@ app.configure(function() {
} else { } else {
// activate content security policy for production // activate content security policy for production
app.use(function(req, res, next) { app.use(function(req, res, next) {
var csp = "script-src 'self' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'"; res.set('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src *; object-src 'none'; style-src 'self' 'unsafe-inline'");
res.set('Content-Security-Policy', csp); res.set('X-Content-Security-Policy', "default-src *; script-src 'self' 'unsafe-eval'; options eval-script; object-src 'none'; style-src 'self' 'unsafe-inline'");
res.set('X-Content-Security-Policy', csp); res.set('X-WebKit-CSP', "default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src *; object-src 'none'; style-src 'self' 'unsafe-inline'");
res.set('X-WebKit-CSP', csp);
return next(); return next();
}); });
} }