disable CSP when env = development

server/routes/index.js

@@ -7,6 +7,7 @@ const storage = require('../storage');
 const config = require('../config');
 const pages = require('./pages');
 // const lang = require('fluent-langneg')
+const IS_DEV = config.env === 'development';
 
 module.exports = function(app) {
   app.use(
@@ -18,9 +19,10 @@ module.exports = function(app) {
   app.use(
     helmet.hsts({
       maxAge: 31536000,
-      force: config.env === 'production'
+      force: !IS_DEV
     })
   );
+  if (!IS_DEV) {
     app.use(
       helmet.contentSecurityPolicy({
         directives: {
@@ -41,6 +43,7 @@ module.exports = function(app) {
         }
       })
     );
+  }
   app.use(
     busboy({
       limits: {