Skip to content
This repository has been archived by the owner on Jan 3, 2019. It is now read-only.

Commit

Permalink
add child-src as a default src for CSP
Browse files Browse the repository at this point in the history
  • Loading branch information
@weilu
weilu committed Sep 16, 2015
1 parent 88778e7 commit f89e46f
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions server/express.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ module.exports = function (){
}
app.use(helmet.csp({
'default-src': ["'self'"],
'child-src': ["'self'", "blob:"],
'connect-src': [
"'self'", "blob:",
'api.bitcoinaverage.com', 'chain.so', // tickers
Expand Down

0 comments on commit f89e46f

Please sign in to comment.