From 6fdbbc208fc3d55788b6fbd4175f48a430f8a49c Mon Sep 17 00:00:00 2001
From: Rosanny <rosanny.sihombing@hft-stuttgart.de>
Date: Mon, 26 Jul 2021 15:46:57 +0200
Subject: [PATCH] add CSP

---
 app.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/app.ts b/app.ts
index 073dfee..6e81a96 100644
--- a/app.ts
+++ b/app.ts
@@ -19,7 +19,19 @@ app.set('port', config.app.port)
 app.set('views', __dirname + '/views')
 app.set('view engine', 'pug')
 
-app.use(helmet())
+app.use(
+    helmet.contentSecurityPolicy({
+        useDefaults: true,
+        directives: {
+            "font-src": ["'self'", "https://use.fontawesome.com"],
+            "img-src": ["'self'", "https://transfer.hft-stuttgart.de"],
+            "script-src": ["'self'", "https://code.jquery.com/jquery-3.3.1.min.js", "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js", "https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"],
+            "style-src": ["'self'", "https://use.fontawesome.com/releases/v5.8.2/css/all.css"],
+            "frame-src": ["'self'"]
+        },
+        reportOnly: true,
+    })
+);
 app.use(compression())
 app.use(morgan('combined'))
 app.use(cookieParser())
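Review bot: Replacing `app.use(helmet())` with `app.use(helmet.contentSecurityPolicy(...))` drops every other header helmet was setting (e.g. X-Content-Type-Options, X-Frame-Options, HSTS, Referrer-Policy), so this hunk weakens the response headers rather than only adding a CSP. Keep the bundle and pass the policy as an option instead: change line 20 to `helmet({ contentSecurityPolicy: {` and close the call with `} })` in place of `})` on line 30, leaving the `directives` object as is. Separately, `reportOnly: true` with no `report-uri` / `report-to` directive means violations are neither enforced nor collected anywhere but the browser console; either add a reporting endpoint to `directives` or note in a comment above the call that the policy is intentionally unenforced until the allow-list is verified, e.g. `// CSP in report-only mode while the third-party allow-list is validated; switch to enforcing once clean`.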
-- 
GitLab