mirror of https://github.com/moparisthebest/mail
fix csp for prdouction web server
This commit is contained in:
parent
01902f1fe4
commit
7b16d6b713
12
Gruntfile.js
12
Gruntfile.js
|
@ -20,20 +20,20 @@ module.exports = function(grunt) {
|
||||||
prod: {
|
prod: {
|
||||||
options: {
|
options: {
|
||||||
port: process.env.PORT || 8585,
|
port: process.env.PORT || 8585,
|
||||||
base: './src/',
|
base: './dist/',
|
||||||
keepalive: true,
|
keepalive: true,
|
||||||
middleware: function(connect, options) {
|
middleware: function(connect, options) {
|
||||||
// Return array of whatever middlewares you want
|
// Return array of whatever middlewares you want
|
||||||
return [function(req, res, next) {
|
return [
|
||||||
res.setHeader('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src *; object-src 'none'; style-src 'self' 'unsafe-inline'");
|
function(req, res, next) {
|
||||||
res.setHeader('X-Content-Security-Policy', "default-src *; script-src 'self' 'unsafe-eval'; options eval-script; object-src 'none'; style-src 'self' 'unsafe-inline'");
|
res.setHeader('Content-Security-Policy', "default-src 'self'; connect-src *; object-src 'none'; style-src 'self' 'unsafe-inline'");
|
||||||
res.setHeader('X-WebKit-CSP', "default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src *; object-src 'none'; style-src 'self' 'unsafe-inline'");
|
|
||||||
|
|
||||||
return next();
|
return next();
|
||||||
},
|
},
|
||||||
|
|
||||||
// Serve static files.
|
// Serve static files.
|
||||||
connect.static(options.base)];
|
connect.static(options.base)
|
||||||
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue