const helmet = require('helmet');
/**
 * Creates the middleware responsible for security-related response headers.
 *
 * The headers are opt-in. Unless `config.secureHeaders` is truthy, the
 * returned middleware only calls `next()` and this module sets no HSTS or
 * Content-Security-Policy header at all.
 *
 * @param {object} config - Application configuration.
 * @param {boolean} [config.secureHeaders] - Enables the helmet middleware.
 * @returns {Function} A `(req, res, next)` middleware.
 */
module.exports = function(config) {
    if (!config.secureHeaders) {
        // Secure headers disabled: hand back a pass-through middleware.
        return (req, res, next) => {
            next();
        };
    }

    // HSTS for 63072000 seconds (730 days). includeSubDomains and preload
    // extend the HTTPS-only commitment to every subdomain of the serving host.
    const hsts = {
        maxAge: 63072000,
        includeSubDomains: true,
        preload: true,
    };

    // Scripts are limited to same-origin and inline scripts are not allowed.
    // Styles are looser: 'unsafe-inline' and data: are both permitted, so the
    // policy does not stop injected inline styles.
    // NOTE(review): frame-ancestors, base-uri and form-action do not fall back
    // to default-src. Whether helmet adds its own defaults for them depends on
    // the installed helmet version; confirm against the emitted header.
    const directives = {
        defaultSrc: ["'self'"],
        fontSrc: [
            "'self'",
            'fonts.googleapis.com',
            'fonts.gstatic.com',
        ],
        styleSrc: [
            "'self'",
            "'unsafe-inline'",
            'fonts.googleapis.com',
            'fonts.gstatic.com',
            'data:',
        ],
        scriptSrc: ["'self'"],
        imgSrc: ["'self'", 'data:', 'gravatar.com'],
    };

    return helmet({
        hsts,
        contentSecurityPolicy: { directives },
    });
};