helmet-csp.js
'use strict';
// Content-Security-Policy directive map; exported at the bottom of this file.
// NOTE(review): the file name suggests this object is handed to helmet's CSP
// middleware — confirm at the call site.
//
// CSP keyword sources keep their inner single quotes in the emitted header,
// so they are written once here instead of being escaped at each use.
const SELF = "'self'";
const NONE = "'none'";
const UNSAFE_INLINE = "'unsafe-inline'";

const CSP = {
  // Fallback for every fetch directive that is not set explicitly below.
  defaultSrc: [SELF],

  // base-uri, form-action and frame-ancestors do not fall back to
  // default-src, so each one has to be declared on its own.
  baseUri: [SELF],
  // NOTE(review): 'self' is not listed, so same-origin form submissions are
  // not permitted by this directive — confirm that is intended.
  formAction: ['platform.twitter.com', 'syndication.twitter.com'],
  // The site may not be framed by any origin.
  frameAncestors: [NONE],

  scriptSrc: [
    SELF,
    // Listed next to a nonce: browsers implementing CSP Level 2 or later
    // ignore 'unsafe-inline' once a nonce is present, so it only acts as a
    // fallback for older browsers.
    UNSAFE_INLINE,
    // NOTE(review): host sources permit any script served from these hosts,
    // including the public CDNs; consider whether the nonce (optionally with
    // 'strict-dynamic') could replace the allowlist.
    'stackpath.bootstrapcdn.com',
    'code.jquery.com',
    'platform.twitter.com',
    'api.github.com',
    'https://cdn.jsdelivr.net',
    'https://datum.jsdelivr.com',
    // Evaluated per request. res.locals.nonce is not set in this file; if it
    // is missing the header would carry the literal 'nonce-undefined'.
    // NOTE(review): confirm earlier middleware generates a fresh,
    // unpredictable nonce for every response.
    (_req, res) => `'nonce-${res.locals.nonce}'`
  ],

  styleSrc: [
    SELF,
    // No nonce or hash accompanies this keyword, so inline styles are
    // allowed as written.
    UNSAFE_INLINE,
    'stackpath.bootstrapcdn.com',
    'fonts.googleapis.com',
    'platform.twitter.com',
    'https://cdn.jsdelivr.net'
  ],

  imgSrc: [
    SELF,
    'data:',
    'bootswatch.com',
    'syndication.twitter.com',
    'stats.g.doubleclick.net',
    'ad.doubleclick.net',
    '*.convertro.com',
    '*.c3tag.com',
    '*.2mdn.net',
    'launchbit.com',
    'www.launchbit.com',
    'https://cdn.jsdelivr.net'
  ],

  fontSrc: [
    SELF,
    'stackpath.bootstrapcdn.com',
    'fonts.gstatic.com',
    'https://cdn.jsdelivr.net'
  ],

  // frame-src and child-src carry nearly the same list; only frame-src
  // includes the GitHub sponsors button URL.
  frameSrc: [
    SELF,
    'img.shields.io',
    'platform.twitter.com',
    'syndication.twitter.com',
    'https://cdn.jsdelivr.net',
    'https://github.com/sponsors/jsdelivr/button'
  ],
  childSrc: [
    SELF,
    'img.shields.io',
    'platform.twitter.com',
    'syndication.twitter.com',
    'https://cdn.jsdelivr.net'
  ],

  // Setting connect-src replaces the default-src fallback for fetch/XHR, and
  // 'self' is not listed here.
  // NOTE(review): confirm the pages make no same-origin requests that this
  // would block.
  connectSrc: [
    'syndication.twitter.com',
    'https://api.github.com/repos/jsdelivr/bootstrapcdn',
    'https://stats.g.doubleclick.net',
    'https://datum.jsdelivr.com/api/event'
  ],

  // NOTE(review): 'none' is the usual choice when no plugin content is
  // needed — confirm img.shields.io is required for object/embed.
  objectSrc: ['img.shields.io'],
  manifestSrc: [SELF]
};
module.exports = CSP;