Update app.js to csp properly for prod

les-amateurs · Apr 5, 2024 · 9c9be02 · 9c9be02
1 parent 7e255c8
commit 9c9be02
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/server/app.js b/server/app.js
@@ -40,11 +40,12 @@ app.register(helmet, {
   contentSecurityPolicy: {
     directives: {
       defaultSrc: ['\'none\''],
-      styleSrc: ['\'unsafe-inline\'', '\'self\''],
+      styleSrc: ['\'unsafe-inline\'', '\'self\'', 'https://storage.amateurs.team'],
       scriptSrc: ['\'self\'', 'https://www.google-analytics.com', 'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/'],
       frameSrc: ['https://www.google.com/recaptcha/'],
       connectSrc: ['\'self\'', 'https://www.google-analytics.com'],
-      imgSrc: ['*', 'data:']
+      imgSrc: ['*', 'data:'],
+      fontSrc: ['*']
     }
   }
 })