Feature/content security policy header (#24)

* add CSP header

* debugging CSP header, allow all

* move setHeader to routes.js

* finish with next()

* set CSP-header to *.amsterdam.nl

* add *.openstad.org to CSP header

Author: IanR01

routes/routes.js

@@ -154,6 +154,10 @@ module.exports = function (app) {
         next();
     });
 
+    app.use((req, res, next) => {
+      res.setHeader("Content-Security-Policy", "frame-ancestors 'self' *.amsterdam.nl *.openstad.org")
+      next()
+    })    
 
     app.get('/', authLocal.index);