Posted to commits@couchdb.apache.org by ro...@apache.org on 2016/10/06 06:55:45 UTC

fauxton commit: updated refs/heads/master to fd758c0

Repository: couchdb-fauxton
Updated Branches:
  refs/heads/master a16edae68 -> fd758c015


devserver: readd/fix csp header

The CSP headers were not set, as directly interacting with express
in `webpack-dev-server` to set the headers does not work.

PR: #783
PR-URL: https://github.com/apache/couchdb-fauxton/pull/783
Reviewed-By: garren smith <ga...@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/fd758c01
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/fd758c01
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/fd758c01

Branch: refs/heads/master
Commit: fd758c015f28b1304944806d71b109000078c7fa
Parents: a16edae
Author: Robert Kowalski <ro...@apache.org>
Authored: Thu Oct 6 08:19:49 2016 +0200
Committer: Robert Kowalski <ro...@apache.org>
Committed: Thu Oct 6 08:55:38 2016 +0200

----------------------------------------------------------------------
 devserver.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/fd758c01/devserver.js
----------------------------------------------------------------------
diff --git a/devserver.js b/devserver.js
index 3bef0a8..96f3ebd 100644
--- a/devserver.js
+++ b/devserver.js
@@ -51,16 +51,18 @@ var devSetup = function (cb) {
   });
 };
 
-var defaultHeaderValue = "default-src 'self'; img-src 'self' data:; font-src 'self'; " +
+const defaultHeaderValue = "default-src 'self'; img-src 'self' data:; font-src 'self'; " +
                   "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';";
-var setCSP = function (res) {
+function getCspHeaders () {
   if (!settings.contentSecurityPolicy) {
     return;
   }
 
-  var headerValue = settings.contentSecurityPolicyHeader || defaultHeaderValue;
+  const cspHeader = settings.contentSecurityPolicyHeader || defaultHeaderValue;
 
-  res.set('Content-Security-Policy', headerValue);
+  return {
+    'Content-Security-Policy': cspHeader
+  };
 };
 
 var runWebpackServer = function () {
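Review bot: The default policy in `defaultHeaderValue` allows `'unsafe-eval'` in `script-src` and `'unsafe-inline'` in `style-src`, and nothing in the hunk says why, so a reader cannot tell a deliberate dev-only relaxation from an oversight. I would add a comment above the constant, for example `// Dev-server default CSP; 'unsafe-eval' and 'unsafe-inline' are relaxations, override via settings.contentSecurityPolicyHeader.`, adjusted to the real reason (presumably the dev build needs them, but that is not visible here). Separately, the closing `};` of `getCspHeaders` is left over from the old function expression; a function declaration ends with a plain `}`.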
@@ -81,7 +83,8 @@ var runWebpackServer = function () {
     historyApiFallback: true,
     stats: {
       colors: true,
-    }
+    },
+    headers: getCspHeaders(),
   };
 
   var compiler = webpack(config);
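Review bot: `headers: getCspHeaders()` receives `undefined` whenever `settings.contentSecurityPolicy` is falsy, because the helper's early `return;` carries no value; writing `return {};` there would make the disabled case explicit instead of relying on webpack-dev-server tolerating a missing value. The call is also evaluated once, when the options object is built, whereas the removed `setCSP(res)` ran per request inside the proxy handler (third hunk). It is worth confirming, by inspecting the response headers on a proxied path, that responses passing through `proxy.web` still carry `Content-Security-Policy`, since that now depends on the dev server applying `headers` before the `server.app.all('*', ...)` handler runs. `runWebpackServer` starts and ends outside this hunk.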
@@ -104,7 +107,6 @@ var runWebpackServer = function () {
   });
 
   server.app.all('*', function (req, res, next) {
-    setCSP(res);
     proxy.web(req, res);
   });