sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2026-01-06 22:20:06 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #165 from sasjs/issue-164

Browse Source 
fix: helmet config on http mode
This commit is contained in:
Allan Bowe
2022-05-10 14:01:40 +03:00
committed by GitHub
parent 2467616296 24d7f00c02
commit c61fec47c4
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -11,3 +11,4 @@ sasjscore/
certificates/ certificates/
executables/ executables/
.env .env
api/csp.config.json

5
api/src/app.ts
View File

@@ -35,9 +35,12 @@ export const cookieOptions = {
maxAge: 24 * 60 * 60 * 1000 // 24 hours maxAge: 24 * 60 * 60 * 1000 // 24 hours
} }
const cspConfigJson = getEnvCSPDirectives(HELMET_CSP_CONFIG_PATH) const cspConfigJson: { [key: string]: string[] | null } = getEnvCSPDirectives(
HELMET_CSP_CONFIG_PATH
)
const coepFlag = const coepFlag =
HELMET_COEP === 'true' || HELMET_COEP === undefined ? true : false HELMET_COEP === 'true' || HELMET_COEP === undefined ? true : false
if (PROTOCOL === 'http') cspConfigJson['upgrade-insecure-requests'] = null
/*********************************** /***********************************
* CSRF Protection * * CSRF Protection *