Add default stubs for Content-Security-Policy

Author: snuggs

middleware/policy.es

@@ -1,8 +1,10 @@
 const
+
   policies = [
-    `default-src 'none';`
+    `default-src 'none';` // `default-src 'self' https://${domain};`
   ]
 
+
 module.exports = options =>
 
   async (context, next) => {

middleware/policy.test

@@ -23,6 +23,9 @@ test ("Content-Security-Policy: default-src 'none';", async t => {
 })
 
 
-test ("Content-Security-Policy: script-src 'self';")
+test ("Content-Security-Policy: frame-src 'self';")
+test ("Content-Security-Policy: style-src 'self';")
 test ("Content-Security-Policy: img-src 'self' https://cdn.example.com;")
+test ("Content-Security-Policy: script-src 'self';")
 test ("Content-Security-Policy: connect-src 'self';")
+test ("Content-Security-Policy: report-uri 'self';")