18 lines
348 B
JavaScript
18 lines
348 B
JavaScript
const fs = require('fs')
|
|
const YAML = require('yaml')
|
|
|
|
const helmet = require('helmet')
|
|
|
|
module.exports = (path) => {
|
|
const csppolicy = fs.readFileSync(path, 'utf8')
|
|
const csp = YAML.parse(csppolicy)
|
|
|
|
return helmet({
|
|
contentSecurityPolicy: {
|
|
useDefaults: false,
|
|
directives: csp,
|
|
},
|
|
xFrameOptions: 'SAMEORIGIN',
|
|
})
|
|
}
|