Skip to content
This repository was archived by the owner on Jan 3, 2019. It is now read-only.

Commit f89e46f

Browse files
weiluweilu
committed
add child-src as a default src for CSP
1 parent 88778e7 commit f89e46f

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

server/express.js

+1
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ module.exports = function (){
2626
}
2727
app.use(helmet.csp({
2828
'default-src': ["'self'"],
29+
'child-src': ["'self'", "blob:"],
2930
'connect-src': [
3031
"'self'", "blob:",
3132
'api.bitcoinaverage.com', 'chain.so', // tickers

0 commit comments

Comments
 (0)