Posted to commits@couchdb.apache.org by ro...@apache.org on 2016/10/06 06:55:45 UTC
fauxton commit: updated refs/heads/master to fd758c0
Repository: couchdb-fauxton
Updated Branches:
refs/heads/master a16edae68 -> fd758c015
devserver: readd/fix csp header
The CSP headers were not set, as directly interacting with express
in `webpack-dev-server` to set the headers does not work.
PR: #783
PR-URL: https://github.com/apache/couchdb-fauxton/pull/783
Reviewed-By: garren smith <ga...@gmail.com>
Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/fd758c01
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/fd758c01
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/fd758c01
Branch: refs/heads/master
Commit: fd758c015f28b1304944806d71b109000078c7fa
Parents: a16edae
Author: Robert Kowalski <ro...@apache.org>
Authored: Thu Oct 6 08:19:49 2016 +0200
Committer: Robert Kowalski <ro...@apache.org>
Committed: Thu Oct 6 08:55:38 2016 +0200
----------------------------------------------------------------------
devserver.js | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/fd758c01/devserver.js
----------------------------------------------------------------------
diff --git a/devserver.js b/devserver.js
index 3bef0a8..96f3ebd 100644
--- a/devserver.js
+++ b/devserver.js
@@ -51,16 +51,18 @@ var devSetup = function (cb) {
});
};
-var defaultHeaderValue = "default-src 'self'; img-src 'self' data:; font-src 'self'; " +
+const defaultHeaderValue = "default-src 'self'; img-src 'self' data:; font-src 'self'; " +
"script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';";
-var setCSP = function (res) {
+function getCspHeaders () {
if (!settings.contentSecurityPolicy) {
return;
}
- var headerValue = settings.contentSecurityPolicyHeader || defaultHeaderValue;
+ const cspHeader = settings.contentSecurityPolicyHeader || defaultHeaderValue;
- res.set('Content-Security-Policy', headerValue);
+ return {
+ 'Content-Security-Policy': cspHeader
+ };
};
var runWebpackServer = function () {
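Review bot: `getCspHeaders()` returns `undefined` through the bare `return;` when `settings.contentSecurityPolicy` is falsy and an object otherwise, so the `headers:` option in the next hunk receives two different types. Returning an empty object in the disabled branch (`return {};`) keeps the type stable and does not rely on webpack-dev-server tolerating an undefined `headers` value, which is not visible here. The closing `};` is left over from the old `var setCSP = function ...` expression; after a function declaration it should be `}`. A short comment above `defaultHeaderValue` saying why `'unsafe-eval'` and `'unsafe-inline'` are allowed (presumably for the dev build) would keep the relaxed policy from being copied elsewhere unexamined.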
@@ -81,7 +83,8 @@ var runWebpackServer = function () {
historyApiFallback: true,
stats: {
colors: true,
- }
+ },
+ headers: getCspHeaders(),
};
var compiler = webpack(config);
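Review bot: With `setCSP(res)` removed from the `server.app.all('*', ...)` handler in the last hunk, `headers: getCspHeaders()` is the only place the policy is applied. Whether it reaches responses that go through `proxy.web(req, res)` depends on webpack-dev-server's middleware order, which this diff does not show. It is worth confirming that both a served asset and a proxied request return `Content-Security-Policy`, and recording the result next to the option, e.g. `// CSP is applied by webpack-dev-server via the headers option; verified for static and proxied responses`. The value is also computed once when the config object is built, so a later change to `settings` has no effect until the dev server restarts. The enclosing `runWebpackServer` starts before and continues beyond this hunk.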
@@ -104,7 +107,6 @@ var runWebpackServer = function () {
});
server.app.all('*', function (req, res, next) {
- setCSP(res);
proxy.web(req, res);
});