From 5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 Mon Sep 17 00:00:00 2001
From: Rigel Kent
Date: Thu, 13 Dec 2018 09:49:45 +0100
Subject: add Content Security Policy (#1252)

* add Content Security Policy
* remove reflect-metadata on production builds to get rid of unsafe-eval
* fix baseCSP usage
* add SRI to CSP
* add blob: to media-src
* remove SRI
* CSP set to reportOnly
* adding data: to connect-src CSP
* remove block-all-mixed-content
* add report-uri support
---
 server/initializers/constants.ts | 1 +
 1 file changed, 1 insertion(+)

(limited to 'server/initializers')

diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index ad61bee73..f1a734f48 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -290,6 +290,7 @@ const CONFIG = {
 get SECURITYTXT_CONTACT () { return config.get('admin.email') }
 },
 SERVICES: {
+ get 'CSP-LOGGER' () { return config.get('services.csp-logger') },
 TWITTER: {
 get USERNAME () { return config.get('services.twitter.username') },
 get WHITELISTED () { return config.get('services.twitter.whitelisted') }
--
cgit v1.2.3
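Review bot: The added getter's key `'CSP-LOGGER'` is the only quoted, hyphenated key among the visible siblings (`SECURITYTXT_CONTACT`, `TWITTER`, `USERNAME`, `WHITELISTED`), so callers need bracket access; `get CSP_LOGGER () { return config.get('services.csp-logger') },` would match the rest of `CONFIG`. The value is returned unvalidated, and going by the commit message it presumably ends up as the CSP `report-uri`. If so, the code that builds the header (outside this hunk) should check that it is an absolute URL containing no `;` or whitespace, and omit the directive when the setting is empty. Whether a default for `services.csp-logger` ships with the config cannot be seen here, because the diff is limited to `server/initializers`; the `CONFIG` object starts and ends outside the hunk.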