Merge branch 'MLAB-524' into 'testing'

add CSP See merge request !64

Merge branch 'MLAB-524' into 'testing'
add CSP See merge request !64
cc41f087 · Rosanny Sihombing · 8f1cff20 · 6fdbbc20 · cc41f087
Commit cc41f087 authored Jul 26, 2021 by Rosanny Sihombing
--- a/app.ts
+++ b/app.ts
@@ -19,7 +19,19 @@ app.set('port', config.app.port)
 app.set('views', __dirname + '/views')
 app.set('view engine', 'pug')

-app.use(helmet())
+app.use(
+    helmet.contentSecurityPolicy({
+        useDefaults: true,
+        directives: {
+            "font-src": ["'self'", "https://use.fontawesome.com"],
+            "img-src": ["'self'", "https://transfer.hft-stuttgart.de"],
+            "script-src": ["'self'", "https://code.jquery.com/jquery-3.3.1.min.js", "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js", "https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"],
+            "style-src": ["'self'", "https://use.fontawesome.com/releases/v5.8.2/css/all.css"],
+            "frame-src": ["'self'"]
+        },
+        reportOnly: true,
+    })
+);
 app.use(compression())
 app.use(morgan('combined'))
 app.use(cookieParser())