From b0fdaaaa79e3135699c51effac0388d8ec5ab23b Mon Sep 17 00:00:00 2001
From: Mihajlo Medjedovic
Date: Tue, 10 May 2022 10:04:01 +0000
Subject: [PATCH 1/2] fix: helmet config on http mode

---
 .gitignore     | 1 +
 api/src/app.ts | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 00a8877..7595311 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ sasjscore/
 certificates/
 executables/
 .env
+api/csp.config.json
diff --git a/api/src/app.ts b/api/src/app.ts
index 262b510..933f32c 100644
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -35,9 +35,10 @@ export const cookieOptions = {
   maxAge: 24 * 60 * 60 * 1000 // 24 hours
 }
 
-const cspConfigJson = getEnvCSPDirectives(HELMET_CSP_CONFIG_PATH)
+const cspConfigJson: any = getEnvCSPDirectives(HELMET_CSP_CONFIG_PATH)
 const coepFlag =
   HELMET_COEP === 'true' || HELMET_COEP === undefined ? true : false
+if (PROTOCOL === 'http') cspConfigJson['upgrade-insecure-requests'] = null
 
 /***********************************
  * CSRF Protection *

From 24d7f00c02e54e97ff52876e807723c4f88cdf1f Mon Sep 17 00:00:00 2001
From: Mihajlo Medjedovic
Date: Tue, 10 May 2022 10:13:57 +0000
Subject: [PATCH 2/2] chore: type fix

---
 api/src/app.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/app.ts b/api/src/app.ts
index 933f32c..a41895c 100644
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -35,7 +35,9 @@ export const cookieOptions = {
   maxAge: 24 * 60 * 60 * 1000 // 24 hours
 }
 
-const cspConfigJson: any = getEnvCSPDirectives(HELMET_CSP_CONFIG_PATH)
+const cspConfigJson: { [key: string]: string[] | null } = getEnvCSPDirectives(
+  HELMET_CSP_CONFIG_PATH
+)
 const coepFlag =
   HELMET_COEP === 'true' || HELMET_COEP === undefined ? true : false
 if (PROTOCOL === 'http') cspConfigJson['upgrade-insecure-requests'] = null
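Review bot: The new line `if (PROTOCOL === 'http') cspConfigJson['upgrade-insecure-requests'] = null` (present in both api/src/app.ts hunks, final form in PATCH 2) indexes the helper's result unguarded at module load, so if `getEnvCSPDirectives` can return undefined when the CSP config file is absent — it is defined outside the hunk, so I cannot tell — the API would crash at startup in http mode; `if (PROTOCOL === 'http' && cspConfigJson) cspConfigJson['upgrade-insecure-requests'] = null` keeps the fix without that risk. The intent is worth a comment, because null here is how a directive is removed from Helmet's CSP rather than a value browsers ever see: `// on plain http the upgrade-insecure-requests directive would make browsers rewrite every request to https, so remove it (null disables a helmet directive)`. The index-signature annotation `{ [key: string]: string[] | null }` introduced in PATCH 2 fixes the type only at this call site; declaring it as the return type of getEnvCSPDirectives would cover every caller and let the compiler check the null assignment against one contract. Note also that the assignment mutates the object the helper returned, which matters if that helper caches or shares it between callers.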