mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
unleash.unleash/lib/middleware/secure-headers.js
2020-10-01 21:47:40 +02:00


const helmet = require('helmet');
/**
 * Build the Express-style middleware that sets security response headers.
 *
 * When `config.secureHeaders` is truthy, the result is helmet configured with
 * the HSTS and Content-Security-Policy options below. Otherwise a pass-through
 * middleware is returned, and this module adds no security headers, so any
 * hardening then has to come from elsewhere (for example a reverse proxy).
 *
 * @param {object} config - application configuration; only `secureHeaders` is read here.
 * @returns {Function} middleware with the `(req, res, next)` signature.
 */
module.exports = function(config) {
    if (!config.secureHeaders) {
        // Hardening switched off: hand the request straight to the next handler.
        return (req, res, next) => {
            next();
        };
    }

    // 63072000 seconds = 730 days. `includeSubDomains` extends the HTTPS-only
    // rule to every subdomain of the serving host, and `preload` opts the
    // domain in to browser preload lists, which is slow to undo. Every
    // subdomain must be reachable over HTTPS before this is enabled.
    const hstsOptions = {
        maxAge: 63072000,
        includeSubDomains: true,
        preload: true,
    };

    // Scripts and the default fallback are limited to same-origin, and there
    // is no 'unsafe-inline' for scripts. Styles do allow 'unsafe-inline' and
    // data:, so inline style injection is not blocked by this policy.
    // Non-fetch directives (frame-ancestors, base-uri, form-action) do not
    // inherit from default-src and are not set here.
    // NOTE(review): whether helmet fills in its own defaults for directives
    // missing from this list depends on the helmet version; confirm against
    // the pinned dependency.
    const cspDirectives = {
        defaultSrc: ["'self'"],
        fontSrc: ["'self'", 'fonts.googleapis.com', 'fonts.gstatic.com'],
        styleSrc: [
            "'self'",
            "'unsafe-inline'",
            'fonts.googleapis.com',
            'fonts.gstatic.com',
            'data:',
        ],
        scriptSrc: ["'self'"],
        imgSrc: ["'self'", 'data:', 'gravatar.com'],
    };

    return helmet({
        hsts: hstsOptions,
        contentSecurityPolicy: { directives: cspDirectives },
    });
};