From aa1e0ccb2d04be967d1069fa1f633e47dec7912e Mon Sep 17 00:00:00 2001
From: Dave Wasmer
Date: Sat, 4 Mar 2017 19:18:32 -0700
Subject: [PATCH] fix: remove CSP middleware, doesn't make sense for an API
---
 config/middleware.ts | 13 -------------
 1 file changed, 13 deletions(-)
diff --git a/config/middleware.ts b/config/middleware.ts
index 1fa67a62..4500a46e 100644
--- a/config/middleware.ts
+++ b/config/middleware.ts
@@ -65,19 +65,6 @@ export default function baseMiddleware(router: Router, application: Application)
 router.use(cors(config.cors));
 }

- if (isEnabled('csp')) {
- let cspConfig: any = defaultsDeep<{ [key: string]: any }, { [key: string]: any }>(config.csp, {
- directives: { reportUri: '/_report-csp-violations' },
- reportOnly: application.environment === 'development',
- disableAndroid: true
- });
- router.use(helmet.contentSecurityPolicy(cspConfig));
- if (config.csp && config.csp.useDummyReportingEndpoint) {
- // TODO create an action in the app/ dir to handle this (allows for user overrides then too)
- // router.post(cspConfig.directives.reportUri, (req: IncomingMessage, res: ServerResponse) => res.sendStatus(200));
- }
- }
-
 if (isEnabled('xssFilter')) {
 router.use(helmet.xssFilter());
 }