fix: CSP for client-side editor uploads

2019-09-15 14:41:34 -07:00
parent 6520a501e3
commit 439ae1e832
1 changed files with 5 additions and 0 deletions
--- a/server/app.js
+++ b/server/app.js
@ -122,6 +122,11 @@ app.use(
      styleSrc: ["'self'", "'unsafe-inline'", 'github.githubassets.com'],
      imgSrc: ['*', 'data:', 'blob:'],
      frameSrc: ['*'],
+      connectSrc: [
+        "'self'",
+        process.env.AWS_S3_UPLOAD_BUCKET_URL,
+        'www.google-analytics.com',
+      ],
    },
  })
 );