diff options
Diffstat (limited to 'server/middlewares/csp.ts')
| -rw-r--r-- | server/middlewares/csp.ts | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts index 0ee44bf47..e2a75a17e 100644 --- a/server/middlewares/csp.ts +++ b/server/middlewares/csp.ts | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | import * as helmet from 'helmet' | 1 | import { contentSecurityPolicy } from 'helmet' |
| 2 | import { CONFIG } from '../initializers/config' | 2 | import { CONFIG } from '../initializers/config' |
| 3 | 3 | ||
| 4 | const baseDirectives = Object.assign({}, | 4 | const baseDirectives = Object.assign({}, |
| @@ -22,12 +22,12 @@ const baseDirectives = Object.assign({}, | |||
| 22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: [] } : {} | 22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: [] } : {} |
| 23 | ) | 23 | ) |
| 24 | 24 | ||
| 25 | const baseCSP = helmet.contentSecurityPolicy({ | 25 | const baseCSP = contentSecurityPolicy({ |
| 26 | directives: baseDirectives, | 26 | directives: baseDirectives, |
| 27 | reportOnly: CONFIG.CSP.REPORT_ONLY | 27 | reportOnly: CONFIG.CSP.REPORT_ONLY |
| 28 | }) | 28 | }) |
| 29 | 29 | ||
| 30 | const embedCSP = helmet.contentSecurityPolicy({ | 30 | const embedCSP = contentSecurityPolicy({ |
| 31 | directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }), | 31 | directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }), |
| 32 | reportOnly: CONFIG.CSP.REPORT_ONLY | 32 | reportOnly: CONFIG.CSP.REPORT_ONLY |
| 33 | }) | 33 | }) |