Feature/content security policy header (#24)

* add CSP header * debugging CSP header, allow all * move setHeader to routes.js * finish with next() * set CSP-header to *.amsterdam.nl * add *.openstad.org to CSP header
Amsterdam · Oct 22, 2024 · 3527431 · 3527431
1 parent 9d2cd39
commit 3527431
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/routes/routes.js b/routes/routes.js
@@ -154,6 +154,10 @@ module.exports = function (app) {
         next();
     });
 
+    app.use((req, res, next) => {
+      res.setHeader("Content-Security-Policy", "frame-ancestors 'self' *.amsterdam.nl *.openstad.org")
+      next()
+    })    
 
     app.get('/', authLocal.index);