Tell us what’s happening:
Hello,
My project passes all the tests except the one that says
“You should set the content security policies to only allow loading of scripts and CSS from your server.”
In my project I am requiring helmet, then add helmet.contentSecurityPolicy to express middlewares like below:
app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"], scriptSrc: ["'self'"] }} ))
In Chrome developer’s console I do not get any error so I am stuck. Please help.
Here is my repl.it that passes all but second test:
Here is my github for the project:
Your code so far
Your browser information:
User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36.
Challenge: Stock Price Checker
Link to the challenge: