From bdda2fbfe69b109fa106e39df5035b491b9f10b8 Mon Sep 17 00:00:00 2001
From: Thibaut Courouble
Date: Sat, 4 Jun 2016 10:35:29 -0400
Subject: [PATCH] Enforce CSP in dev environment

---
 lib/app.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/app.rb b/lib/app.rb
index 5308f54d..d1856fad 100644
--- a/lib/app.rb
+++ b/lib/app.rb
@@ -66,6 +66,8 @@ class App < Sinatra::Application
 use BetterErrors::Middleware
 BetterErrors.application_root = File.expand_path('..', __FILE__)
 BetterErrors.editor = :sublime
+
+ set :csp, "default-src 'self' *; script-src 'self' 'unsafe-inline' *; font-src data:; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:;"
 end
 
 configure :production do
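Review bot: The development policy on the added `set :csp` line is close to no policy at all: every fetch directive except font-src allows `*`, and script-src also allows `'unsafe-inline'`, so an inline script or a script loaded from any host is permitted and a violation that a stricter production policy would block will never surface during development, which defeats the stated aim of enforcing CSP in dev. If the intent is to catch CSP problems early, script-src and style-src should list the same hosts as the production policy (the `configure :production` block starts on the last hunk line and its policy is not visible here) with `*` dropped, adding only the entries local development genuinely needs; `connect-src` is also unset and so inherits `default-src 'self' *`. Whatever the policy ends up being, a comment recording why it differs from production would help the next reader, e.g. `# Dev CSP: intentionally looser than production so local tooling can load assets; do not copy to production`. The trailing `;` and `'self'` alongside `*` are redundant but harmless; this note assumes `:csp` is emitted as the Content-Security-Policy header somewhere outside the hunk.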