Information Security Projects - Stock Price Checker tester failing at second check

JavaScript
#1

Tell us what’s happening:
Hello,

My project passes all the tests except the one that says
“You should set the content security policies to only allow loading of scripts and CSS from your server.”

In my project I am requiring helmet, then add helmet.contentSecurityPolicy to express middlewares like below:

app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"], scriptSrc: ["'self'"] }} ))

In Chrome developer’s console I do not get any error so I am stuck. Please help.

Here is my repl.it that passes all but second test:

Here is my github for the project:

Your code so far

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36.

Challenge: Stock Price Checker

Link to the challenge:

OutgoingMessage.prototype._headers is depreciated, in stock price checker project
#2

I have solved the issue. Apparently I also had to add styleSrc:["‘self’"] to the directives.

helmet’s own documentation doesn’t mention a styleSrc directive, but apparently freeCodeCamp tester checks for that.

1 Like
#3

Thank you, just had the same error!