fix(upload): appStream uses CSRF + Session authentication

2026-01-03 21:10:05 +00:00 · 2022-05-02 18:01:28 +05:00
parent a07f47a1ba
commit 1f89279264
10 changed files with 78 additions and 74 deletions
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -41,7 +41,16 @@ export const csrfProtection = csrf({ cookie: cookieOptions })
 /***********************************
 *   Handle security and origin    *
 ***********************************/
-app.use(helmet())
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+        'script-src': ["'self'", "'unsafe-inline'"]
+      }
+    }
+  })
+)

 /***********************************
 *         Enabling CORS           *