Update csp_nonce.js

jmrplens · Jun 4, 2023 · c2550d4 · c2550d4
1 parent 35e25a6
commit c2550d4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/js/csp_nonce.js b/js/csp_nonce.js
@@ -3,7 +3,7 @@ app.get('/', function(request, response) {
     // Generate a new random nonce value for every response.
     const nonce = crypto.randomBytes(16).toString("base64");
     // Set the strict nonce-based CSP response header
-    const csp = `script-src 'nonce-${nonce}' 'strict-dynamic' https: static.cloudflareinsights.com; connect-src cloudflareinsights.com; object-src 'none'; base-uri 'none';`;
+    const csp = `script-src 'nonce-${nonce}' 'strict-dynamic' static.cloudflareinsights.com; connect-src cloudflareinsights.com; object-src 'none'; base-uri 'none';`;
     response.set("Content-Security-Policy", csp);
     // Every <script> tag in your application should set the `nonce` attribute to this value.
     response.render(template, { nonce: nonce });