From 5a564e2c37fda262faf8071a4980aa145be3c510 Mon Sep 17 00:00:00 2001
From: Danny Coates
Date: Mon, 24 Jul 2017 22:08:43 -0700
Subject: [PATCH] tighten csp
---
 server/server.js | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/server/server.js b/server/server.js
index cd9c5e90..9d4c6c3d 100644
--- a/server/server.js
+++ b/server/server.js
@@ -45,20 +45,19 @@ app.use(
 connectSrc: [
 "'self'",
 'https://sentry.prod.mozaws.net',
- 'https://www.google-analytics.com',
- 'https://ssl.google-analytics.com'
+ 'https://www.google-analytics.com'
 ],
 imgSrc: [
 "'self'",
- 'https://www.google-analytics.com',
- 'https://ssl.google-analytics.com'
+ 'https://www.google-analytics.com'
 ],
- scriptSrc: ["'self'", 'https://ssl.google-analytics.com'],
+ scriptSrc: ["'self'"],
 styleSrc: ["'self'", 'https://code.cdn.mozilla.net'],
 fontSrc: ["'self'", 'https://code.cdn.mozilla.net'],
 formAction: ["'none'"],
 frameAncestors: ["'none'"],
- objectSrc: ["'none'"]
+ objectSrc: ["'none'"],
+ reportUri: '/__cspreport__'
 }
 })
 );
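Review bot: The new `reportUri: '/__cspreport__'` directive has no visible consumer in this hunk, so if nothing in the app or the fronting proxy accepts POSTs on that path the violation reports are silently lost. A short comment above it would record who owns the endpoint, for example `// violation reports are POSTed to /__cspreport__; handled by <component>`, and if the Node app itself serves it the handler should cap the request body size and treat report fields as untrusted before logging them. Separately, `scriptSrc` is now `["'self'"]` while `connectSrc` and `imgSrc` still allow `https://www.google-analytics.com`, which presumably assumes the analytics script is served from this origin; a page that still loads it from Google would be blocked. The `directives` object opens above the hunk, so directives declared earlier (a default source, for instance) are not visible here.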