From 33708934641b8b875fb73de2b9450279c93c7f29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian=20B=C3=A4ume?= <julian.baeume@open-xchange.com>
Date: Fri, 1 Oct 2021 16:18:25 +0200
Subject: [PATCH] disable CSP for now

we want to have the changes rolled out, so we disable CSP headers for now and
will take care of them after the file_cache functionality has been rolled out

just for testing purposes, disable CSP for now until sha calculation is fixed
---
 spec/file_caching_test.js | 4 ++--
 src/createApp.js          | 7 +------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/spec/file_caching_test.js b/spec/file_caching_test.js
index 180b25b..5dfc979 100644
--- a/spec/file_caching_test.js
+++ b/spec/file_caching_test.js
@@ -56,7 +56,7 @@ describe('File caching service', () => {
     expect(response.statusCode).toBe(200)
     expect(response.headers['content-type']).toBe('application/javascript; charset=utf-8')
     expect(response.text).toBe('this is example')
-    expect(response.headers['content-security-policy']).toContain('sha256-NzZhMTE2Njc2YTgyNTZmZTdlZGVjZDU3YTNmYzRjNmM1OWZkMTI2NjRkYzZmMWM3YTkwMGU3ZTdhNDlhZmVlMwo=')
+    // expect(response.headers['content-security-policy']).toContain('sha256-NzZhMTE2Njc2YTgyNTZmZTdlZGVjZDU3YTNmYzRjNmM1OWZkMTI2NjRkYzZmMWM3YTkwMGU3ZTdhNDlhZmVlMwo=')
     const response2 = await request(app).get('/test.txt')
     expect(response2.statusCode).toBe(200)
     expect(response2.headers['content-type']).toBe('text/plain; charset=utf-8')
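Review bot: Commenting out the assertion leaves the test silent on the CSP header instead of pinning the state this commit introduces; the same applies to the second hunk at line 67 (`main.css`). With `contentSecurityPolicy: false` in src/createApp.js the header is absent, so `expect(response.headers['content-security-policy']).toBeUndefined()` would document that explicitly and fail loudly if CSP is re-enabled without restoring the hash check. The expected values in the commented-out lines are base64 encodings of a hex string with a trailing newline (the shape of `sha256sum` output), whereas a CSP `sha256-` source must be the base64 of the raw digest bytes, which may well be the "sha calculation" the commit message refers to. A one-line comment next to the disabled assertion stating that would help whoever re-enables it.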
@@ -67,7 +67,7 @@ describe('File caching service', () => {
     const response = await request(app).get('/main.css')
     expect(response.statusCode).toBe(200)
     expect(response.headers['content-type']).toBe('text/css; charset=utf-8')
-    expect(response.headers['content-security-policy']).toContain('sha256-YjRiYWRlYTVhYmM5ZTZkNjE2ZGM4YjcwZWRlNzUxMmU0YjgxY2UxMWExOTI2ZjM1NzM1M2Y2MWJjNmUwMmZjMwo=')
+    // expect(response.headers['content-security-policy']).toContain('sha256-YjRiYWRlYTVhYmM5ZTZkNjE2ZGM4YjcwZWRlNzUxMmU0YjgxY2UxMWExOTI2ZjM1NzM1M2Y2MWJjNmUwMmZjMwo=')
   })
 
   it('serves / as index.html', async () => {
diff --git a/src/createApp.js b/src/createApp.js
index 5fab096..c9d3ab2 100644
--- a/src/createApp.js
+++ b/src/createApp.js
@@ -44,12 +44,7 @@ export function createApp () {
     next()
   })
   app.use(helmet({
-    contentSecurityPolicy: {
-      useDefaults: true,
-      directives: {
-        defaultSrc: ["'self'", (req, res) => res.locals.sha256Sum ? `'sha256-${res.locals.sha256Sum}'` : '']
-      }
-    }
+    contentSecurityPolicy: false
   }))
   app.use('/healthy', health.LivenessEndpoint(healthCheck))
   app.use('/ready', health.ReadinessEndpoint(healthCheck))
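Review bot: `contentSecurityPolicy: false` removes helmet's entire CSP (the defaults that `useDefaults: true` previously kept, not just the per-response hash source), so responses now carry no Content-Security-Policy header at all; createApp's body continues outside the hunk. If the only broken part is the hash, `contentSecurityPolicy: { useDefaults: true }` keeps the baseline policy while dropping the `res.locals.sha256Sum` source. Since the commit message calls this temporary, the line should carry a tracking comment such as `// TODO: re-enable hash-based CSP once sha256Sum is the base64 of the raw digest (see spec/file_caching_test.js)`. Note also that the removed callback returned `''` when `sha256Sum` was unset, which emits an empty source entry; when restoring it, omit the entry instead.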
-- 
GitLab