docs/middleware/csp.js
Jason Etcovitch dd91c5a707 "Guides" section of the Actions landing page (#16216)
* Add custom hover shadows

* Support avatars

* Add guide-card include

* Use it in product-landing

* Add gradient styles

* Add guides frontmatter

* Use guideArticles instead of full objects

* Add support for authors

* Add support for category header

* Just pass the whole page

* Use it

* guide.url => guide.href

* Use `*.githubusercontent.com`

* Fix mobile card width

* Remove showDescription check

* Use featureLinks.guideCards

* Forgot an if

* Remove support banner

* Just use login instead of name/avatarUrl

* Change card spacing

* Use circular avatars

* Add margin beneath "Guides"

* Use smaller font

* Even moar spacing

* Remove category

* Remove lead text, move button to bottom right

* update guide cards

* Change author of setting up ci to GitHub

* Attribute node js guide to GitHub

* Add author tag to powershell guide

* update top guides section with correct actions links

* Enforce size for single avatars

* Adjust spacing

Co-authored-by: Cynthia Rich <crichID@users.noreply.github.com>
2020-11-11 12:53:46 -05:00


// Content Security Policy (CSP) middleware for the docs site, built on
// helmet's contentSecurityPolicy(). The policy starts from `default-src 'none'`
// and then allow-lists each resource type explicitly.
//
// NOTE(review): script-src below includes "'unsafe-inline'", "'unsafe-eval'"
// and 'data:', so this policy does not actually block inline or injected
// scripts; its practical effect is limiting which remote hosts content may be
// fetched from. For CSP to mitigate XSS, script-src would need nonces/hashes
// in place of 'unsafe-inline' and the 'data:' scheme dropped.
const { contentSecurityPolicy } = require('helmet')

// Hosts contacted from the browser for site search (presumably the Algolia
// instantsearch client referenced below).
const searchHosts = ['*.algolia.net', '*.algolianet.com']

// S3 bucket that serves both web fonts and images.
const imageBucket = 'github-images.s3.amazonaws.com'

const directives = {
  // Deny every resource type that is not explicitly allow-listed below.
  defaultSrc: ["'none'"],

  // XHR/fetch/WebSocket targets.
  connectSrc: ["'self'", ...searchHosts],

  fontSrc: ["'self'", 'data:', imageBucket],

  imgSrc: [
    "'self'",
    'github.githubassets.com',
    imageBucket,
    'octodex.github.com',
    'placehold.it', // third-party placeholder image service — confirm it is still needed
    '*.githubusercontent.com', // wildcard covers user avatars (see commit message)
    'github.com'
  ],

  objectSrc: ["'self'"],

  scriptSrc: [
    "'self'",
    'data:', // allows scripts from data: URIs — weakens script-src, see note above
    "'unsafe-eval'", // exception for Algolia instantsearch
    "'unsafe-inline'" // allows inline <script> and event handlers — see note above
  ],

  // Frames are only permitted for the GraphQL Explorer.
  frameSrc: [
    'https://graphql-explorer.githubapp.com', // production env
    'http://localhost:3000' // development env; allowed unconditionally, also in production
  ],

  styleSrc: ["'self'", "'unsafe-inline'"],

  childSrc: [
    "'self'" // exception for search in deprecated GHE versions
  ]
}

module.exports = contentSecurityPolicy({ directives })