Merge #4781

4781: fix: ensure proper content-security policy. r=jniles a=jniles Fixes the upgrade of helmet that changed the default content-security policy. Now the application renders properly. Co-authored-by: Jonathan Niles <jonathanwniles@gmail.com>
Third-Culture-Software · Aug 3, 2020 · ea1b067 · ea1b067
2 parents c77f130 + 841c39d
commit ea1b067
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/config/express.js b/server/config/express.js
@@ -40,7 +40,7 @@ exports.configure = function configure(app) {
   debug('configuring middleware.');
 
   // helmet guards
-  app.use(helmet());
+  app.use(helmet({ contentSecurityPolicy : { directives : { defaultSrc : ['\'self\'', '\'unsafe-inline\''] } } }));
 
   app.use(bodyParser.json({ limit : '8mb' }));
   app.use(bodyParser.urlencoded({ extended : false }));