Update Helmet content security policy

bcgov · Dec 18, 2023 · 3e3b04e · 3e3b04e
1 parent 91127b7
commit 3e3b04e
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/app/app.ts b/app/app.ts
@@ -30,7 +30,18 @@ app.use(compression());
 app.use(cors(DEFAULTCORS));
 app.use(express.json({ limit: config.get('server.bodyLimit') }));
 app.use(express.urlencoded({ extended: true }));
-app.use(helmet());
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        'default-src': [
+          "'self'", // eslint-disable-line
+          new URL(config.get('server.oidc.serverUrl')).origin
+        ]
+      }
+    }
+  })
+);
 
 // Skip if running tests
 if (process.env.NODE_ENV !== 'test') {