Change CSP config format to be more intuitive

2017-10-20 12:31:16 +02:00
parent 5b83deb043
commit 91101c856c
5 changed files with 48 additions and 14 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -15,17 +15,9 @@ module.exports = {
  },
  csp: {
    enable: true,
-    reportUri: '',
    directives: {
-      defaultSrc: ["'self'"],
-      scriptSrc: ["'self'", "'unsafe-eval'", "vimeo.com", "https://gist.github.com", "www.slideshare.net", "https://query.yahooapis.com", "https://*.disqus.com"],
-      imgSrc: ["*"],
-      styleSrc: ["'self'", "'unsafe-inline'", "https://assets-cdn.github.com"],
-      fontSrc: ["'self'", "https://public.slidesharecdn.com"],
-      objectSrc: ["*"],
-      childSrc: ["*"],
-      connectSrc: ["'self'", "https://links.services.disqus.com", "wss://realtime.services.disqus.com"]
    },
+    addDefaults: true,
    upgradeInsecureRequests: 'auto'
  },
  protocolusessl: false,