CSP update test for uni-nav

jmgasper · jmgasper · commit a5dd4b8e0c5d · 2023-01-14T12:19:14.000+11:00
diff --git a/server.js b/server.js
@@ -17,22 +17,22 @@ function check () {
 }
 app.use(healthCheck.middleware([check]))
 app.use((req, res, next) => {
-  res.header('Referrer-Policy', 'strict-origin-when-cross-origin');
-  res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
-  res.header('X-Content-Type-Options', 'nosniff');
-  res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
-  res.header('Cache-control', 'public, max-age=0');
-  res.header('Pragma', 'no-cache');
-  res.setHeader('X-Frame-Options', 'DENY');
+  res.header('Referrer-Policy', 'strict-origin-when-cross-origin')
+  res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()')
+  res.header('X-Content-Type-Options', 'nosniff')
+  res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload')
+  res.header('Cache-control', 'public, max-age=0')
+  res.header('Pragma', 'no-cache')
+  res.setHeader('X-Frame-Options', 'DENY')
   res.setHeader('Content-Security-Policy',
-      "frame-ancestors 'none';" +
+    "frame-ancestors 'none';" +
       "script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'" +
         ' https://uni-nav.topcoder-dev.com' +
         ' https://uni-nav.topcoder.com'
-  );
+  )
 
-  next();
-});
+  next()
+})
 // app.use(requireHTTPS) // removed because app servers don't handle https
 // app.use(express.static(__dirname))
 app.use(express.static(path.join(__dirname, 'build')))
