Repository: couchdb-fauxton Updated Branches: refs/heads/master a16edae68 -> fd758c015
devserver: readd/fix csp header
The CSP headers were not set, as directly interacting with express in `webpack-dev-server` to set the headers does not work.
PR: #783
PR-URL: https://github.com/apache/couchdb-fauxton/pull/783
Reviewed-By: garren smith <garren.sm...@gmail.com>
Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/fd758c01
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/fd758c01
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/fd758c01
Branch: refs/heads/master
Commit: fd758c015f28b1304944806d71b109000078c7fa
Parents: a16edae
Author: Robert Kowalski <robertkowal...@apache.org>
Authored: Thu Oct 6 08:19:49 2016 +0200
Committer: Robert Kowalski <robertkowal...@apache.org>
Committed: Thu Oct 6 08:55:38 2016 +0200
----------------------------------------------------------------------
 devserver.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/fd758c01/devserver.js
----------------------------------------------------------------------
diff --git a/devserver.js b/devserver.js
index 3bef0a8..96f3ebd 100644
--- a/devserver.js
+++ b/devserver.js
@@ -51,16 +51,18 @@ var devSetup = function (cb) {
 });
 };
-var defaultHeaderValue = "default-src 'self'; img-src 'self' data:; font-src 'self'; " +
+const defaultHeaderValue = "default-src 'self'; img-src 'self' data:; font-src 'self'; " +
 "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';";
-var setCSP = function (res) {
+function getCspHeaders () {
 if (!settings.contentSecurityPolicy) {
 return;
 }
- var headerValue = settings.contentSecurityPolicyHeader || defaultHeaderValue;
+ const cspHeader = settings.contentSecurityPolicyHeader || defaultHeaderValue;
- res.set('Content-Security-Policy', headerValue);
+ return {
+ 'Content-Security-Policy': cspHeader
+ };
 };
 var runWebpackServer = function () {
@@ -81,7 +83,8 @@ var runWebpackServer = function () {
 historyApiFallback: true,
 stats: {
 colors: true,
- }
+ },
+ headers: getCspHeaders(),
 };
 var compiler = webpack(config);
@@ -104,7 +107,6 @@ var runWebpackServer = function () {
 });
 server.app.all('*', function (req, res, next) {
- setCSP(res);
 proxy.web(req, res);
 });
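Review bot: In the first hunk, the bare `return;` in `getCspHeaders` makes the function yield `undefined` when `settings.contentSecurityPolicy` is off, and the second hunk passes that value straight to the dev-server `headers` option. Whether webpack-dev-server tolerates an undefined `headers` value is not visible in this diff, so an explicit `return {};` would keep the disabled case well-defined. The closing `};` is a leftover from the old function expression; a function declaration ends with a plain `}`, and the extra semicolon is an empty statement that linters usually flag.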
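Review bot: With `headers: getCspHeaders(),` in the second hunk the policy is attached only through the webpack-dev-server `headers` option, while the third hunk drops `setCSP(res)` from the `server.app.all('*', …)` handler that forwards to `proxy.web`. The diff does not show which responses that option covers, so it is worth confirming that the HTML document the browser loads actually carries `Content-Security-Policy`; a policy present only on bundle assets would not be enforced for the page. A comment on the option would record the intent, for example `// CSP is set via the dev-server headers option; res.set() on server.app had no effect (PR #783)`. `runWebpackServer` begins and ends outside these hunks, so the rest of the server setup could not be checked here.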