From 60a118f3918b2bdadbb81083e3a07c5ee613861a Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Thu, 6 May 2021 16:14:11 -0400 Subject: [PATCH] Add object src to csp --- src/middleware/apiCsp.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/middleware/apiCsp.ts b/src/middleware/apiCsp.ts index deeb791..6d5f1ef 100644 --- a/src/middleware/apiCsp.ts +++ b/src/middleware/apiCsp.ts @@ -1,6 +1,6 @@ import {NextFunction, Request, Response} from 'express'; export function apiCspMiddleware(req: Request, res: Response, next: NextFunction) { - res.header("Content-Security-Policy", "script-src 'none'"); + res.header("Content-Security-Policy", "script-src 'none'; object-src 'none'"); next(); } \ No newline at end of file