disable CSP for now

we want to have the changes rolled out, so we disable CSP headers for now and will take care of them after the file_cache functionality has been rolled out just for testing purposes, disable CSP for now until sha calculation is fixed

disable CSP for now
we want to have the changes rolled out, so we disable CSP headers for now and will take care of them after the file_cache functionality has been rolled out just for testing purposes, disable CSP for now until sha calculation is fixed
33708934 · julian.baeume · 41fe7f3b · 33708934 · 33708934
Commit 33708934 authored 3 years ago by julian.baeume
--- a/spec/file_caching_test.js
+++ b/spec/file_caching_test.js
@@ -56,7 +56,7 @@ describe('File caching service', () => {
    expect(response.statusCode).toBe(200)
    expect(response.headers['content-type']).toBe('application/javascript; charset=utf-8')
    expect(response.text).toBe('this is example')
-    expect(response.headers['content-security-policy']).toContain('sha256-NzZhMTE2Njc2YTgyNTZmZTdlZGVjZDU3YTNmYzRjNmM1OWZkMTI2NjRkYzZmMWM3YTkwMGU3ZTdhNDlhZmVlMwo=')
+    // expect(response.headers['content-security-policy']).toContain('sha256-NzZhMTE2Njc2YTgyNTZmZTdlZGVjZDU3YTNmYzRjNmM1OWZkMTI2NjRkYzZmMWM3YTkwMGU3ZTdhNDlhZmVlMwo=')
    const response2 = await request(app).get('/test.txt')
    expect(response2.statusCode).toBe(200)
    expect(response2.headers['content-type']).toBe('text/plain; charset=utf-8')
@@ -67,7 +67,7 @@ describe('File caching service', () => {
    const response = await request(app).get('/main.css')
    expect(response.statusCode).toBe(200)
    expect(response.headers['content-type']).toBe('text/css; charset=utf-8')
-    expect(response.headers['content-security-policy']).toContain('sha256-YjRiYWRlYTVhYmM5ZTZkNjE2ZGM4YjcwZWRlNzUxMmU0YjgxY2UxMWExOTI2ZjM1NzM1M2Y2MWJjNmUwMmZjMwo=')
+    // expect(response.headers['content-security-policy']).toContain('sha256-YjRiYWRlYTVhYmM5ZTZkNjE2ZGM4YjcwZWRlNzUxMmU0YjgxY2UxMWExOTI2ZjM1NzM1M2Y2MWJjNmUwMmZjMwo=')
  })

  it('serves / as index.html', async () => {

--- a/src/createApp.js
+++ b/src/createApp.js
@@ -44,12 +44,7 @@ export function createApp () {
    next()
  })
  app.use(helmet({
-    contentSecurityPolicy: {
-      useDefaults: true,
-      directives: {
-        defaultSrc: ["'self'", (req, res) => res.locals.sha256Sum ? `'sha256-${res.locals.sha256Sum}'` : '']
-      }
-    }
+    contentSecurityPolicy: false
  }))
  app.use('/healthy', health.LivenessEndpoint(healthCheck))
  app.use('/ready', health.ReadinessEndpoint(healthCheck))