|
|
|
|
@ -1,7 +1,9 @@
|
|
|
|
|
var Default = module.exports;
|
|
|
|
|
|
|
|
|
|
Default.commonCSP = function (domain) {
|
|
|
|
|
domain = ' ' + domain;
|
|
|
|
|
// Content-Security-Policy
|
|
|
|
|
|
|
|
|
|
return [
|
|
|
|
|
"default-src 'none'",
|
|
|
|
|
"style-src 'unsafe-inline' 'self' " + domain,
|
|
|
|
|
@ -34,11 +36,11 @@ Default.commonCSP = function (domain) {
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Default.contentSecurity = function (domain) {
|
|
|
|
|
return Default.commonCSP(domain).join('; ') + "script-src 'self'" + domain;
|
|
|
|
|
return (Default.commonCSP(domain).join('; ') + "script-src 'self' " + domain).replace(/\s+/g, ' ');
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Default.padContentSecurity = function (domain) {
|
|
|
|
|
return Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain;
|
|
|
|
|
return (Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline' " + domain).replace(/\s+/g, ' ');
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Default.httpHeaders = function () {
|
|
|
|
|
|
ansuz
5 years ago