From 8f640377a5b52dc6fd5e618bd261f728f881e26c Mon Sep 17 00:00:00 2001
From: Chelsea Bridson
Date: Tue, 1 Nov 2016 16:35:27 -0400
Subject: [PATCH] add directives key to helmet contentSecurityPolicy - src/server/server.js moved some existing properties into the directives key
---
 src/server/server.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/server/server.js b/src/server/server.js
index 087a353..faee9a5 100644
--- a/src/server/server.js
+++ b/src/server/server.js
@@ -66,13 +66,15 @@ var styleSources = ["'self'", "'unsafe-inline'", "ajax.googleapis.com"];
 var connectSources = ["'self'"];
 server.use(helmet.contentSecurityPolicy({
+ directives: {
 defaultSrc: ["'self'"],
 scriptSrc: scriptSources,
 styleSrc: styleSources,
 connectSrc: connectSources,
- reportOnly: false,
- setAllHeaders: false,
- safari5: false
+ },
+ reportOnly: false,
+ setAllHeaders: false,
+ safari5: false
 }));
 server.use(methodOverride());
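Review bot: The new `directives` block sets only `defaultSrc`, `scriptSrc`, `styleSrc` and `connectSrc`, so the directives that do not fall back to `default-src` (`base-uri`, `form-action`, `frame-ancestors`) remain unrestricted in the enforced policy. If the app does not rely on `<base>` rewriting, cross-origin form posts or being framed, consider adding `baseUri: ["'self'"],` `formAction: ["'self'"],` `frameAncestors: ["'self'"]` inside `directives`, after confirming the installed helmet version accepts those keys (the version is not visible in this patch). `styleSources`, shown on the hunk header line, still carries `'unsafe-inline'`, which deserves a comment stating why it is needed. With `reportOnly: false` and no `reportUri`, violations are blocked but never reported, so a test asserting the emitted `Content-Security-Policy` header value would catch an option that is silently ignored, such as `safari5`, which newer helmet releases may no longer recognise.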