From 2b1b2570344cfb55ba93b6f184bd3ee6db324419 Mon Sep 17 00:00:00 2001
From: Igor Minar <igor@angularjs.org>
Date: Fri, 27 Apr 2012 15:20:34 -0700
Subject: [PATCH] chore(server.js): Add CSP support

The support is disabled by default, uncomment relevant lines to enable
it.
---
 lib/nodeserver/server.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/nodeserver/server.js b/lib/nodeserver/server.js
index e9bdef5bb0dd..59765839b089 100644
--- a/lib/nodeserver/server.js
+++ b/lib/nodeserver/server.js
@@ -190,6 +190,9 @@ StaticServlet.prototype.sendFile_ = function(req, res, path) {
   var self = this;
   var file = fs.createReadStream(path);
   res.writeHead(200, {
+    // CSP headers, uncomment to enable CSP
+    //"X-WebKit-CSP": "default-src 'self';",
+    //"X-Content-Security-Policy": "default-src 'self'",
     'Content-Type': StaticServlet.
       MimeMap[path.split('.').pop()] || 'text/plain'
   });