From e54c6fcb2f959d68a22710d4da56a4dffc695c50 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Thu, 12 Nov 2015 07:08:14 -0700
Subject: [PATCH] Bring back CSP
---
 config/environment.js | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/config/environment.js b/config/environment.js
index 752e4c9..f163a3d 100644
--- a/config/environment.js
+++ b/config/environment.js
@@ -24,6 +24,15 @@ module.exports = function(environment) {
 routeAfterAuthentication: 'protected.compare',
 routeIfAlreadyAuthenticated: 'protected.compare',
 },
+ contentSecurityPolicy: {
+ 'default-src': "'none'",
+ 'script-src': "'self'",
+ 'font-src': "'self'",
+ 'connect-src': "'self'",
+ 'img-src': "'self'",
+ 'style-src': "'self' 'unsafe-inline'",
+ 'media-src': "'self'"
+ }
 };
 var apiURL;
@@ -52,6 +61,7 @@ module.exports = function(environment) {
 }
 ENV.apiURL = apiURL;
+ ENV.contentSecurityPolicy['connect-src'] = `'self' ${apiURL}`;
 return ENV;
 };
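Review bot: `'style-src': "'self' 'unsafe-inline'"` in the new `contentSecurityPolicy` object permits every inline style, so markup that reaches the page can still carry CSS even though `default-src` is `'none'`; if the exception exists for one framework or component, record that next to it, e.g. `// 'unsafe-inline' required by <component>; drop once its styles live in a stylesheet`. In addition, `base-uri` and `form-action` do not fall back to `default-src`, so both stay unrestricted unless listed; consider adding `'base-uri': "'self'",` and `'form-action': "'self'",`, assuming whatever consumes this object passes unknown keys through as directives. The enclosing `module.exports` function starts outside the hunk.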
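Review bot: The added `connect-src` line interpolates `apiURL` without checking that it was assigned; `var apiURL;` is declared with no default, so if none of the environment branches (outside this hunk) sets it, the directive becomes `'self' undefined` and the policy carries a meaningless source while the real API origin is not allowed. A guard such as `if (apiURL) { ENV.contentSecurityPolicy['connect-src'] += ' ' + apiURL; }` keeps the `'self'` value already set in the object literal. If `apiURL` can ever be supplied from outside this file, reduce it to a single origin before use, because a space or `;` inside it would add extra sources or directives to the policy.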