mozilla / blurts-server / #12980

#12980

push

circleci

Vinnl 
Add redundant social media preview tags

Not all social media websites implement the same (or any) fallbacks
for preview cards, so we have to add them redundantly to make sure
they show up everywhere.

282 of 1595 branches covered (17.68%)

Branch coverage included in aggregate %.

959 of 4308 relevant lines covered (22.26%)

1.85 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/routes/email-l10n.js
1 
'use strict'
2 
const express = require('express')
×
3 
const helmet = require('helmet')
×
4 
const { getEmailMockup, sendTestEmail, notFound } = require('../controllers/email-l10n')
×
5 
const { requireAdminUser } = require('../middleware')
×
6 
const csrf = require('csurf')
×
7 









8



const csrfProtection = csrf()




×







9



const router = express.Router()




×







10



const cspUnsafeInline = {




×







11



  directives: {










12



    defaultSrc: ["'self'"],










13



    scriptSrc: ["'self'"],










14



    styleSrc: ["'self'", "'unsafe-inline'"],










15



    imgSrc: ["'self'", 'https://monitor.cdn.mozilla.net/'],










16



    objectSrc: ["'none'"],










17



    formAction: ["'self'"]










18



  }










19



}










20












21



// Route needs unsafe-inline because inline styles are required as best-practice for HTML email styling.










22



// Route requires admin user and is not enabled for production.










23



router.get('/', requireAdminUser, csrfProtection, helmet.contentSecurityPolicy(cspUnsafeInline), getEmailMockup)




×







24



router.post('/send-test-email', express.urlencoded({ extended: false }), csrfProtection, requireAdminUser, sendTestEmail)




×







25



router.use(notFound)




×







26












27



module.exports = router




×





















    

  • 

    •