add configs to handle content-security-policy correctly for custom fxa urls
This commit is contained in:
parent
5fb9e395d5
commit
e2876b119d
2 changed files with 41 additions and 3 deletions
|
@ -145,6 +145,26 @@ const conf = convict({
|
||||||
default: 'https://identity.mozilla.com/apps/send',
|
default: 'https://identity.mozilla.com/apps/send',
|
||||||
env: 'FXA_KEY_SCOPE'
|
env: 'FXA_KEY_SCOPE'
|
||||||
},
|
},
|
||||||
|
fxa_csp_oauth_url: {
|
||||||
|
format: String,
|
||||||
|
default: '',
|
||||||
|
env: 'FXA_CSP_OAUTH_URL'
|
||||||
|
},
|
||||||
|
fxa_csp_content_url: {
|
||||||
|
format: String,
|
||||||
|
default: '',
|
||||||
|
env: 'FXA_CSP_CONTENT_URL'
|
||||||
|
},
|
||||||
|
fxa_csp_profile_url: {
|
||||||
|
format: String,
|
||||||
|
default: '',
|
||||||
|
env: 'FXA_CSP_PROFILE_URL'
|
||||||
|
},
|
||||||
|
fxa_csp_profileimage_url: {
|
||||||
|
format: String,
|
||||||
|
default: '',
|
||||||
|
env: 'FXA_CSP_PROFILEIMAGE_URL'
|
||||||
|
},
|
||||||
survey_url: {
|
survey_url: {
|
||||||
format: String,
|
format: String,
|
||||||
default: '',
|
default: '',
|
||||||
|
|
|
@ -31,8 +31,7 @@ module.exports = function(app) {
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
if (!IS_DEV) {
|
if (!IS_DEV) {
|
||||||
app.use(
|
let csp = {
|
||||||
helmet.contentSecurityPolicy({
|
|
||||||
directives: {
|
directives: {
|
||||||
defaultSrc: ["'self'"],
|
defaultSrc: ["'self'"],
|
||||||
connectSrc: [
|
connectSrc: [
|
||||||
|
@ -62,9 +61,28 @@ module.exports = function(app) {
|
||||||
objectSrc: ["'none'"],
|
objectSrc: ["'none'"],
|
||||||
reportUri: '/__cspreport__'
|
reportUri: '/__cspreport__'
|
||||||
}
|
}
|
||||||
})
|
}
|
||||||
|
|
||||||
|
csp.directives.connectSrc.push(config.base_url.replace(/^https:\/\//,'wss://'))
|
||||||
|
if(config.fxa_csp_oauth_url != ""){
|
||||||
|
csp.directives.connectSrc.push(config.fxa_csp_oauth_url)
|
||||||
|
}
|
||||||
|
if(config.fxa_csp_content_url != "" ){
|
||||||
|
csp.directives.connectSrc.push(config.fxa_csp_content_url)
|
||||||
|
}
|
||||||
|
if(config.fxa_csp_profile_url != "" ){
|
||||||
|
csp.directives.connectSrc.push(config.fxa_csp_profile_url)
|
||||||
|
}
|
||||||
|
if(config.fxa_csp_profileimage_url != ""){
|
||||||
|
csp.directives.imgSrc.push(config.fxa_csp_profileimage_url)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
app.use(
|
||||||
|
helmet.contentSecurityPolicy(csp)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
app.use(function(req, res, next) {
|
app.use(function(req, res, next) {
|
||||||
res.set('Pragma', 'no-cache');
|
res.set('Pragma', 'no-cache');
|
||||||
res.set(
|
res.set(
|
||||||
|
|
Loading…
Reference in a new issue