Stock Price Checker with CSP issue

Hi,
I finished with the stock price checker challenge.

Glitch
Please test it. If you find any bugs, I will try to fix them. On the client console I have an error that I could not resolve. I tried everything but it still appears… If you know how to resolve it, please help me. The problem is in the helmet CSP code; I have run out of ideas…

app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
    scriptSrc: ["'self'", "'unsafe-inline'", "code.jquery.com"],
    imgSrc: ["'self'", "hyperdev.com", "glitch.com"]
  },
  browserSniff: false
}));

https://outrageous-watercress.glitch.me/api/stock-prices

  • bad: shows a raw error

https://outrageous-watercress.glitch.me/api/stock-prices?stock=a
= ok

https://outrageous-watercress.glitch.me/api/stock-prices?stock=a&like=true
= ok

https://outrageous-watercress.glitch.me/api/stock-prices?stock=aaaaaaaaaaa
https://outrageous-watercress.glitch.me/api/stock-prices?stock=aaaaaaaaaaaa&stock=bbbbbbbbbbbbbb
= ok

https://outrageous-watercress.glitch.me/api/stock-prices?stock=b
= ok

https://outrageous-watercress.glitch.me/api/stock-prices?stock=a&stock=b

  • A has 2 Likes and B 1 like
  • A: “rel_likes”: 1
  • B: “rel_likes”: -1
    I didn’t understand the idea of rel_likes, but 2-1=1 and 1-2=-1 so it seems to be correct

  • I don’t have an error in my Chrome browser.
  • I also added your helmet-stuff in another project and I did NOT get a server error.

Thanks for your time. I corrected the server error:
https://outrageous-watercress.glitch.me/api/stock-prices
Now the response is: Invalid user input..
The example project responds with an object, but I think it is better to handle the empty input as an error… At first look, https://sphenoid-crater.glitch.me/api/stock-prices also stores the empty query in the database… strange.
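
Added example, not part of the thread or of either project's code: one way to reject the empty, oversized or malformed `stock` input discussed above before anything reaches the database, plus the `rel_likes` arithmetic from the two-stock test. The function names, the symbol pattern and the two-stock limit are assumptions made for this sketch.

```javascript
// Added example: names, limits and the symbol pattern are assumptions.
const SYMBOL_RE = /^[A-Za-z][A-Za-z0-9.\-]{0,9}$/; // assumed symbol format
const MAX_STOCKS = 2; // the two-stock comparison tested in the thread
const INVALID = { ok: false, error: 'Invalid user input' };

// Normalise an Express-style query object into
// { ok: true, symbols, like } or { ok: false, error }.
function parseStockQuery(query) {
  const raw = query == null ? undefined : query.stock;
  // /api/stock-prices with no stock parameter: refuse, store nothing.
  if (raw === undefined) return INVALID;
  // Express yields a string for ?stock=a, an array for ?stock=a&stock=b
  // and an object for ?stock[x]=a; only strings are accepted below.
  const list = Array.isArray(raw) ? raw : [raw];
  if (list.length === 0 || list.length > MAX_STOCKS) return INVALID;
  const symbols = [];
  for (const item of list) {
    if (typeof item !== 'string' || !SYMBOL_RE.test(item)) return INVALID;
    symbols.push(item.toUpperCase());
  }
  // Only the literal string "true" counts as a like.
  return { ok: true, symbols, like: query.like === 'true' };
}

// rel_likes for a pair: each stock's likes minus the other's.
function relLikes(likesA, likesB) {
  return [likesA - likesB, likesB - likesA];
}
```

In a route handler the result of `parseStockQuery(req.query)` would be checked first, and the database touched only when `ok` is true.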