blob: c97fdbdeb4b909ff7f4ae51a749b3079586a1d8a [file] [log] [blame] [raw]
// Copyright (c) 2012-2018, Rubén Rincón
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// * Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
const _ = require('underscore-node');
const data = {
'default-src': ["'self'", "'report-sample'", 'https://*.godbolt.org', 'localhost:*'],
'style-src': ["'self'", "'unsafe-inline'", "'report-sample'", 'https://*.godbolt.org', 'localhost:*'],
'script-src': ["'self'", "'unsafe-inline'", "'report-sample'", 'data:', 'https://*.godbolt.org', 'localhost:*', 'https://*.twitter.com', 'https://www.fullstory.com',
'https://www.google-analytics.com', 'https://apis.google.com', 'https://ssl.google-analytics.com'],
'img-src': ["'self'", 'https://*.godbolt.org', 'localhost:*', 'data:', 'https://www.google-analytics.com/' , 'https://syndication.twitter.com',
'https://ssl.google-analytics.com', 'https://csi.gstatic.com'],
'font-src': ["'self'", 'data:', 'https://*.godbolt.org', 'localhost:*', 'https://fonts.gstatic.com', 'https://themes.googleusercontent.com'],
'frame-src': ["'self'", 'https://*.godbolt.org', 'localhost:*', 'https://www.google-analytics.com', 'https://accounts.google.com/',
'https://content.googleapis.com/', 'https://rs.fullstory.com/', 'https://sentry.io', 'https://platform.twitter.com/',
'https://syndication.twitter.com/'],
'report-uri': ['https://sentry.io/api/102028/csp-report/?sentry_key=849826dce97d4d1eae26df64061ec4bb'],
'connect-src': ['*'],
'media-src': ['https://ssl.gstatic.com']
};
module.exports = {
policy: _.map(data, (value, policyKey) => `${policyKey} ${value.join(' ')}`).join(';')
};