From fbd10ddc37c511e26419e92a248d84fe2cf5b90b Mon Sep 17 00:00:00 2001
From: Walter Moar <Walter.Moar@gov.bc.ca>
Date: Fri, 14 Feb 2025 23:01:36 +0000
Subject: [PATCH] fix: move the set header to attempt better coverage

---
 app/app.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/app/app.js b/app/app.js
index 83b9ad321..84da383bb 100644
--- a/app/app.js
+++ b/app/app.js
@@ -27,6 +27,13 @@ const state = {
 
 let probeId;
 const app = express();
+
+// Set the CSP header so that external media cannot be displayed in the forms.
+app.use((_req, res, next) => {
+  res.setHeader('Content-Security-Policy', "default-src 'self'");
+  next();
+});
+
 app.use(compression());
 app.use(express.json({ limit: config.get('server.bodyLimit') }));
 app.use(express.urlencoded({ extended: true }));
@@ -59,12 +66,6 @@ app.use((_req, res, next) => {
 
 app.use(config.get('server.basePath') + config.get('server.apiPath'), rateLimiter);
 
-// Set the CSP header so that external media cannot be displayed in the forms.
-app.use((_req, res, next) => {
-  res.setHeader('Content-Security-Policy', "default-src 'self'");
-  next();
-});
-
 // Frontend configuration endpoint
 apiRouter.use('/config', (_req, res, next) => {
   try {