server/server.js — added helmet with CSP configured to allow Google Fonts

Dockerfile — creates a non-root app user and runs the process under it
server/routes.js — tailscale_ip validated against IPv4 regex (empty string still allowed)
index.html — sql.js CDN script tag already removed earlier in this session
This commit is contained in:
2026-03-28 09:20:24 -04:00
parent 6e40413385
commit 79adc365d8
7 changed files with 36 additions and 7 deletions


@@ -1,4 +1,5 @@
import express from 'express';
import helmet from 'helmet';
import { fileURLToPath } from 'url';
import { dirname, join } from 'path';
import { router } from './routes.js';
@@ -8,6 +9,15 @@ const PORT = process.env.PORT ?? 3000;
export const app = express();
app.use(helmet({
contentSecurityPolicy: {
directives: {
...helmet.contentSecurityPolicy.getDefaultDirectives(),
'style-src': ["'self'", 'https://fonts.googleapis.com'],
'font-src': ["'self'", 'https://fonts.gstatic.com'],
},
},
}));
app.use(express.json());
// API