@quintype/framework 7.18.9-support-inline-js.1 → 7.18.9-support-inline-js.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/server/handlers/cdn-caching.js +3 -3
  3. package/test/integration/isomorphic-handler-test.js +4 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@quintype/framework",
3
- "version": "7.18.9-support-inline-js.1",
3
+ "version": "7.18.9-support-inline-js.3",
4
4
  "description": "Libraries to help build Quintype Node.js apps",
5
5
  "main": "index.js",
6
6
  "engines": {
package/server/handlers/cdn-caching.js CHANGED
@@ -20,7 +20,7 @@ exports.addCacheHeadersToResult = function addCacheHeadersToResult({
20
20
  res.setHeader(
21
21
  "Content-Security-Policy",
22
22
  `default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;` +
23
- `script-src data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: http: blob:;` +
23
+ `script-src 'self' https://cdnjs.cloudflare.com;` +
24
24
  `style-src data: 'unsafe-inline' https: http: blob:;` +
25
25
  `img-src data: https: http: blob:;` +
26
26
  `font-src data: https: http:;` +
@@ -60,7 +60,7 @@ exports.addCacheHeadersToResult = function addCacheHeadersToResult({
60
60
  res.setHeader(
61
61
  "Content-Security-Policy",
62
62
  `default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;` +
63
- `script-src data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: http: blob:;` +
63
+ `script-src 'self' https://cdnjs.cloudflare.com;` +
64
64
  `style-src data: 'unsafe-inline' https: http: blob:;` +
65
65
  `img-src data: https: http: blob:;` +
66
66
  `font-src data: https: http:;` +
@@ -80,7 +80,7 @@ exports.addCacheHeadersToResult = function addCacheHeadersToResult({
80
80
  res.setHeader(
81
81
  "Content-Security-Policy",
82
82
  `default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;` +
83
- `script-src data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: http: blob:;` +
83
+ `script-src 'self' https://cdnjs.cloudflare.com;` +
84
84
  `style-src data: 'unsafe-inline' https: http: blob:;` +
85
85
  `img-src data: https: http: blob:;` +
86
86
  `font-src data: https: http:;` +
package/test/integration/isomorphic-handler-test.js CHANGED
@@ -568,7 +568,7 @@ describe("Isomorphic Handler", function () {
568
568
  assert.equal(
569
569
  contentSecurityPolicy,
570
570
  `default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;` +
571
- `script-src data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: http: blob:;` +
571
+ `script-src 'self' https://cdnjs.cloudflare.com;` +
572
572
  `style-src data: 'unsafe-inline' https: http: blob:;` +
573
573
  `img-src data: https: http: blob:;` +
574
574
  `font-src data: https: http:;` +
@@ -609,7 +609,7 @@ describe("Isomorphic Handler", function () {
609
609
  assert.equal(
610
610
  contentSecurityPolicy,
611
611
  `default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;` +
612
- `script-src data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: http: blob:;` +
612
+ `script-src 'self' https://cdnjs.cloudflare.com;` +
613
613
  `style-src data: 'unsafe-inline' https: http: blob:;` +
614
614
  `img-src data: https: http: blob:;` +
615
615
  `font-src data: https: http:;` +
@@ -650,7 +650,7 @@ describe("Isomorphic Handler", function () {
650
650
  assert.equal(
651
651
  contentSecurityPolicy,
652
652
  `default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;` +
653
- `script-src data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: http: blob:;` +
653
+ `script-src 'self' https://cdnjs.cloudflare.com;` +
654
654
  `style-src data: 'unsafe-inline' https: http: blob:;` +
655
655
  `img-src data: https: http: blob:;` +
656
656
  `font-src data: https: http:;` +
@@ -691,7 +691,7 @@ describe("Isomorphic Handler", function () {
691
691
  assert.equal(
692
692
  contentSecurityPolicy,
693
693
  `default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;` +
694
- `script-src data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: http: blob:;` +
694
+ `script-src 'self' https://cdnjs.cloudflare.com;` +
695
695
  `style-src data: 'unsafe-inline' https: http: blob:;` +
696
696
  `img-src data: https: http: blob:;` +
697
697
  `font-src data: https: http:;` +