allow inline styles. fixes #644

2017-11-15 10:54:13 -08:00 · 2017-11-15 10:54:13 -08:00 · b54f4575ee
parent 490a1e88eb
commit b54f4575ee
1 changed files with 20 additions and 22 deletions
--- a/server/routes/index.js
+++ b/server/routes/index.js
@ -42,28 +42,26 @@ module.exports = function(app) {
      force: !IS_DEV
    })
  );
-  if (!IS_DEV) {
-    app.use(
-      helmet.contentSecurityPolicy({
-        directives: {
-          defaultSrc: ["'self'"],
-          connectSrc: [
-            "'self'",
-            'https://sentry.prod.mozaws.net',
-            'https://www.google-analytics.com'
-          ],
-          imgSrc: ["'self'", 'https://www.google-analytics.com'],
-          scriptSrc: ["'self'"],
-          styleSrc: ["'self'", 'https://code.cdn.mozilla.net'],
-          fontSrc: ["'self'", 'https://code.cdn.mozilla.net'],
-          formAction: ["'none'"],
-          frameAncestors: ["'none'"],
-          objectSrc: ["'none'"],
-          reportUri: '/__cspreport__'
-        }
-      })
-    );
-  }
+  app.use(
+    helmet.contentSecurityPolicy({
+      directives: {
+        defaultSrc: ["'self'"],
+        connectSrc: [
+          "'self'",
+          'https://sentry.prod.mozaws.net',
+          'https://www.google-analytics.com'
+        ],
+        imgSrc: ["'self'", 'https://www.google-analytics.com'],
+        scriptSrc: ["'self'"],
+        styleSrc: ["'self'", "'unsafe-inline'", 'https://code.cdn.mozilla.net'],
+        fontSrc: ["'self'", 'https://code.cdn.mozilla.net'],
+        formAction: ["'none'"],
+        frameAncestors: ["'none'"],
+        objectSrc: ["'none'"],
+        reportUri: '/__cspreport__'
+      }
+    })
+  );
  app.use(
    busboy({
      limits: {