const fs = require('fs')
const YAML = require('yaml')

const helmet = require('helmet')

module.exports = (path) => {
  const csppolicy = fs.readFileSync(path, 'utf8')
  const csp = YAML.parse(csppolicy)

  return helmet({
    contentSecurityPolicy: {
      useDefaults: false,
      directives: csp,
    },
    xFrameOptions: 'SAMEORIGIN',
  })
}