From 325cee604437221ebc57de73ef8de20957bdeff8 Mon Sep 17 00:00:00 2001
From: Mohamed Dawoud <113205913+mdawoud27@users.noreply.github.com>
Date: Wed, 2 Jul 2025 17:36:35 +0300
Subject: [PATCH] fix: Potential fix for code scanning alert no. 16 - Insecure configuration of Helmet security middleware
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/__tests__/mocks/index.mock.js | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/__tests__/mocks/index.mock.js b/src/__tests__/mocks/index.mock.js
index 85a39fb..c935992 100644
--- a/src/__tests__/mocks/index.mock.js
+++ b/src/__tests__/mocks/index.mock.js
@@ -40,7 +40,17 @@ app.use(passport.session());
 app.use(cors({ origin: '*', credentials: true }));
 // Security
-app.use(helmet({ contentSecurityPolicy: false }));
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        "default-src": ["'self'"],
+        "script-src": ["'self'"],
+        "style-src": ["'self'"],
+      },
+    },
+  })
+);
 // Logging - minimal in test environment
 app.use(morgan('dev'));
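Review bot: The effect of the new `directives` object depends on which Helmet major the project pins, which the hunk does not show: in Helmet 5+ the listed directives are merged over the built-in defaults (`useDefaults: true`), but in Helmet 4 a `directives` object replaces them entirely, leaving this policy with no `object-src`, `base-uri` or `frame-ancestors`, so plugin embedding, `<base>`-tag injection and framing stay unrestricted. State the intent explicitly instead of relying on the version default, e.g. add `useDefaults: true,` beside `directives`, or add `"object-src": ["'none'"], "base-uri": ["'self'"]` to the list. Because this file is a test mock, the change only silences the alert meaningfully if the production app's helmet configuration matches it; if the real app builds its own policy, consider having the mock import that configuration so the tests exercise the same headers. Minor style point: the surrounding lines use single quotes (`'*'`, `'dev'`) while the added directive keys use double quotes.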