none -> 'none'

shyransystems · Apr 7, 2014 · dbdda98 · dbdda98
1 parent ea6bf57
commit dbdda98
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/server.coffee b/server.coffee
@@ -38,7 +38,7 @@ started_at          = new Date
 default_security_headers =
   "X-Frame-Options": "deny"
   "X-Content-Type-Options": "nosniff"
-  "Content-Security-Policy": "none"
+  "Content-Security-Policy": "'none'"
   "Strict-Transport-Security" : "max-age=31536000; includeSubDomains"
 
 four_oh_four = (resp, msg, url) ->

diff --git a/server.js b/server.js
diff --git a/test/proxy_test.rb b/test/proxy_test.rb
@@ -67,14 +67,14 @@ def test_always_sets_security_headers
     ['/', '/status'].each do |path|
       response = RestClient.get("#{config['host']}#{path}")
       assert_equal "deny", response.headers[:x_frame_options]
-      assert_equal "none", response.headers[:content_security_policy]
+      assert_equal "'none'", response.headers[:content_security_policy]
       assert_equal "nosniff", response.headers[:x_content_type_options]
       assert_equal "max-age=31536000; includeSubDomains", response.headers[:strict_transport_security]
     end
 
     response = request('http://dl.dropbox.com/u/602885/github/soldier-squirrel.jpg')
     assert_equal "deny", response.headers[:x_frame_options]
-    assert_equal "none", response.headers[:content_security_policy]
+    assert_equal "'none'", response.headers[:content_security_policy]
     assert_equal "nosniff", response.headers[:x_content_type_options]
     assert_equal "max-age=31536000; includeSubDomains", response.headers[:strict_transport_security]
   end