deps: [email protected]

Author: dougwilson

History.md

@@ -35,9 +35,10 @@ unreleased
     - deps: range-parser@~1.2.1
     - deps: statuses@~1.5.0
     - perf: remove redundant `path.normalize` call
-  * deps: [email protected]
+  * deps: [email protected]
+    - Set stricter CSP header in redirect response
     - deps: parseurl@~1.3.3
-    - deps: [email protected].0
+    - deps: [email protected].1
   * deps: [email protected]
   * deps: statuses@~1.5.0
     - Add `103 Early Hints`

package.json

@@ -51,7 +51,7 @@
     "range-parser": "~1.2.0",
     "safe-buffer": "5.1.2",
     "send": "0.17.1",
-    "serve-static": "1.14.0",
+    "serve-static": "1.14.1",
     "setprototypeof": "1.1.1",
     "statuses": "~1.5.0",
     "type-is": "~1.6.18",

test/express.static.js

@@ -513,7 +513,7 @@ describe('express.static()', function () {
     it('should respond with default Content-Security-Policy', function (done) {
       request(this.app)
         .get('/users')
-        .expect('Content-Security-Policy', "default-src 'self'")
+        .expect('Content-Security-Policy', "default-src 'none'")
         .expect(301, done)
     })