From ec8fd9436f2315311476710ad6ac2485048eba2e Mon Sep 17 00:00:00 2001
From: Javier Aviles
Date: Tue, 25 May 2021 18:12:22 +0200
Subject: [PATCH 1/3] Customize helmet CSP

---
 src/server.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/server.ts b/src/server.ts
index 71ff734..d8c02f1 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -36,7 +36,15 @@ createConnection(connectionOptions).then(async () => {
 const app = new Koa();
 
 // Provides important security headers to make your app more secure
- app.use(helmet());
+ app.use(helmet.contentSecurityPolicy({
+ directives:{
+ defaultSrc:["'self'"],
+ scriptSrc:["'self'", "'unsafe-inline'", "cdnjs.cloudflare.com"],
+ styleSrc:["'self'", "'unsafe-inline'", "cdnjs.cloudflare.com", "fonts.googleapis.com"],
+ fontSrc:["'self'","fonts.gstatic.com"],
+ imgSrc:["'self'", "data:"]
+ }
+ }));
 
 // Enable cors with default options
 app.use(cors());

From ec385bc2386c5cacf6aafcb2db9c7517cd48d77f Mon Sep 17 00:00:00 2001
From: Javier Aviles
Date: Tue, 25 May 2021 18:20:15 +0200
Subject: [PATCH 2/3] Additional CSP exception

---
 src/server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server.ts b/src/server.ts
index d8c02f1..535bd50 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -42,7 +42,7 @@ createConnection(connectionOptions).then(async () => {
 scriptSrc:["'self'", "'unsafe-inline'", "cdnjs.cloudflare.com"],
 styleSrc:["'self'", "'unsafe-inline'", "cdnjs.cloudflare.com", "fonts.googleapis.com"],
 fontSrc:["'self'","fonts.gstatic.com"],
- imgSrc:["'self'", "data:"]
+ imgSrc:["'self'", "data:", "online.swagger.io"]
 }
 }));
 

From bf969d98d10b187c17b92bdbbca38d793ef2eebe Mon Sep 17 00:00:00 2001
From: Javier Aviles
Date: Tue, 25 May 2021 18:30:27 +0200
Subject: [PATCH 3/3] Additional CSP exception

---
 src/server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server.ts b/src/server.ts
index 535bd50..b339c0b 100644
--- a/src/server.ts
+++ b/src/server.ts
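Review bot: Replacing `app.use(helmet())` with `app.use(helmet.contentSecurityPolicy({ … }))` in the first patch's hunk makes the app send only the Content-Security-Policy header and drops every other header the old call set (Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options and the rest), so the comment `// Provides important security headers to make your app more secure` directly above no longer describes what the line does. With recent helmet versions the full middleware can be kept and only the CSP customized by changing the first and last lines of the call to `app.use(helmet({ contentSecurityPolicy: { directives: { … } } }));`. Passing `directives` explicitly also replaces helmet's default directive set, and `base-uri`, `form-action` and `frame-ancestors` do not fall back to `default-src`, so consider adding them explicitly (for example `baseUri: ["'self'"]`, and `frameAncestors: ["'none'"]` if the app is not meant to be framed). `'unsafe-inline'` in `scriptSrc` removes most of the injection protection the policy could give; if the inline scripts belong to the bundled UI, a nonce or hash for them would be the stricter alternative. The enclosing `createConnection(connectionOptions).then(async () => {` callback starts before the hunk.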
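Review bot: The `imgSrc` allow-list on the changed line of the second patch grows by one external host here and by another (`validator.swagger.io`) in the third patch's hunk, with no comment saying which UI asset needs them, so a later reader cannot tell whether either host can be removed. A short why-comment on the line would fix that, e.g. `imgSrc:["'self'", "data:", "online.swagger.io"], // swagger-ui validator badge` — presumably that is the asset, so confirm the wording against the UI before committing it. If `validator.swagger.io` serves the same badge, `online.swagger.io` may be redundant once the third patch is applied; the browser console's CSP violation messages will show which host is actually requested. The enclosing `app.use(helmet.contentSecurityPolicy({` call starts before this hunk.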
@@ -42,7 +42,7 @@ createConnection(connectionOptions).then(async () => {
 scriptSrc:["'self'", "'unsafe-inline'", "cdnjs.cloudflare.com"],
 styleSrc:["'self'", "'unsafe-inline'", "cdnjs.cloudflare.com", "fonts.googleapis.com"],
 fontSrc:["'self'","fonts.gstatic.com"],
- imgSrc:["'self'", "data:", "online.swagger.io"]
+ imgSrc:["'self'", "data:", "online.swagger.io", "validator.swagger.io"]
 }
 }));