Cleaned code by moving csp headers to another file
dgargdipin committed Oct 2, 2020
1 parent 9ef072f commit 3ba8eb9
Showing 4 changed files with 99 additions and 65 deletions.
70 changes: 5 additions & 65 deletions app.js
Expand Up @@ -16,7 +16,7 @@ const bodyParser = require("body-parser");
const helmet = require("helmet");
const cors = require("cors");
const path = require("path");

const csp_header_dict = require("./config/csp-headers");
//Passport config
require("./config/passport-google")(passport);
//passport is for authenticating only
Expand Down Expand Up @@ -48,77 +48,17 @@ app.use(
expressCspHeader({
directives: {
"default-src": [
SELF,
"*.google.com",
"https://*/",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"https://kit.fontawesome.com/*",
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"data:",
"https://apis.google.com/js/api.js",
"apis.google.com",
"self",

...csp_header_dict.defaultSrc,
SELF,
INLINE,
],
"script-src": [
...csp_header_dict.scriptSrc,
SELF,
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"https://kit.fontawesome.com/*",
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"data:",
"https://apis.google.com/js/api.js",
"apis.google.com",
"self",
"data: *",
INLINE,
],
"img-src": ["data:image/svg+xml", SELF,
"*.google.com",
"https://*/",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"https://kit.fontawesome.com/*",
"*.google.com",
"https://kit.fontawesome.com/",
"https://images.squarespace-cdn.com/",
"https://fonts.gstatic.com/",
"*.googleapis.com",
"kit.fontawesome.com",
"https://apis.google.com/js/",
"data:",
"https://apis.google.com/js/api.js",
"apis.google.com",
"self",

"img-src": [
...csp_header_dict.imgSrc,
SELF,
INLINE,
],
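Review bot: `csp_header_dict` on the added require line is the only snake_case module binding in a file whose other bindings are camelCase (`bodyParser`, `expressCspHeader`, `passport`); rename it, e.g. `const cspSources = require("./config/csp-headers");`, and use the same name in the three spread lines. Each of the three directives now spreads a config list and then appends `SELF`, while the spread lists themselves end in the bare string `"self"`; if express-csp-header passes strings through verbatim, that entry is a host named self rather than the `'self'` keyword and can be dropped from the config so only `SELF` remains. The enclosing `app.use(expressCspHeader({ ... }))` call begins before the hunk and its closing lines are outside it.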
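--- a/config/csp-headers.js
+++ b/config/csp-headers.js
@@ -0,0 +1,67 @@
+module.exports = {
+"defaultSrc": [
+"*.google.com",
+"https://*/",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"https://kit.fontawesome.com/*",
+"*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"data:",
+"https://apis.google.com/js/api.js",
+"apis.google.com",
+"self",
+],
+"scriptSrc": ["*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"https://kit.fontawesome.com/*",
+"*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"data:",
+"https://apis.google.com/js/api.js",
+"apis.google.com",
+"self",
+"data: *",
+],
+"imgSrc": ["data:image/svg+xml",
+"*.google.com",
+"https://*/",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"https://kit.fontawesome.com/*",
+"*.google.com",
+"https://kit.fontawesome.com/",
+"https://images.squarespace-cdn.com/",
+"https://fonts.gstatic.com/",
+"*.googleapis.com",
+"kit.fontawesome.com",
+"https://apis.google.com/js/",
+"data:",
+"https://apis.google.com/js/api.js",
+"apis.google.com",
+"self",
+],
+}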
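Review bot: The new allowlists contain entries that make the rest of each list moot: `"https://*/"` in `defaultSrc` and `imgSrc` is a scheme plus wildcard host, so it matches any HTTPS origin, and `"data:"` together with `"data: *"` in `scriptSrc` permits scripts loaded from data: URIs (the latter, if express-csp-header emits the string verbatim, also yields a bare `*` token), which is exactly what a script-src allowlist is meant to prevent. The bare string `"self"` is a host-source for a host literally named self rather than the `'self'` keyword (the `SELF` constant appended in app.js already supplies the keyword), and `"https://kit.fontawesome.com/*"` uses a path wildcard that CSP path matching does not support; the `"https://kit.fontawesome.com/"` entry already covers that path prefix. Every host is also listed twice per directive and the three lists are identical apart from their `data:` entries, so one shared array removes the duplication and makes the remaining allowlist reviewable. The sketch below drops the scheme wildcards and the invalid entries; verify against the served pages which origins are still loaded and re-add any that are missing explicitly rather than via a wildcard.
```javascript
// Third-party hosts allowed by every CSP directive; listed once, not twice per directive.
// 'self' is not listed here: app.js appends the SELF keyword when it builds each directive.
const sharedHosts = [
  "*.google.com",
  "*.googleapis.com",
  "apis.google.com",
  "https://apis.google.com/js/",
  "https://apis.google.com/js/api.js",
  "kit.fontawesome.com",
  "https://kit.fontawesome.com/",
  "https://images.squarespace-cdn.com/",
  "https://fonts.gstatic.com/",
];

module.exports = {
  defaultSrc: [...sharedHosts, "data:"],
  // No data: scheme here: script-src must not accept data: URI scripts.
  scriptSrc: [...sharedHosts],
  imgSrc: ["data:image/svg+xml", ...sharedHosts, "data:"],
};
```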
26 changes: 26 additions & 0 deletions package-lock.json


1 change: 1 addition & 0 deletions package.json
Expand Up @@ -19,6 +19,7 @@
"dependencies": {
"bcryptjs": "^2.4.3",
"body-parser": "^1.19.0",
"cloudinary": "^1.23.0",
"concurrently": "^5.3.0",
"cors": "^2.8.5",
"dotenv": "^8.2.0",
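Review bot: The added `"cloudinary": "^1.23.0"` dependency is not referenced by any other change in this commit, and the commit message describes only moving the CSP headers into a separate file, so it looks like an unrelated change bundled into a refactor. A new third-party package is easiest to audit when it lands in its own commit together with the code that uses it and a lockfile entry that can be checked against it; if cloudinary is needed for work in progress, split it out or say so in the message. The accompanying package-lock.json change presumably belongs with it.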
