From 518d140aef3d1d23a1df70e101a9ef62b8882f7a Mon Sep 17 00:00:00 2001
From: Matthew Dillon <mrdillon@alaska.edu>
Date: Wed, 28 Jan 2015 12:14:46 -0900
Subject: [PATCH] Dev: set up CSP

---
 config/environment.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/config/environment.js b/config/environment.js
index c61fce3..43ef4fb 100644
--- a/config/environment.js
+++ b/config/environment.js
@@ -30,6 +30,15 @@ module.exports = function(environment) {
       crossOriginWhitelist: ['http://127.0.0.1:8901']
     }
     ENV.apiURL = 'http://127.0.0.1:8901';
+    ENV.contentSecurityPolicy = {
+      'default-src': "'none'",
+      'script-src': "'self'",
+      'font-src': "'self'",
+      'connect-src': "'self' http://127.0.0.1:8901",
+      'img-src': "'self'",
+      'style-src': "'self'",
+      'media-src': "'self'"
+    }
   }
 
   if (environment === 'test') {