1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

fix: make sure our CSP allow gravatar.com for images

This commit is contained in:
Ivar Conradi Østhus 2022-01-12 23:22:04 +01:00
parent 12e78663b0
commit 4a5b332567
No known key found for this signature in database
GPG Key ID: 31AC596886B0BD09
2 changed files with 3 additions and 1 deletions

View File

@ -13,7 +13,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
},
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'", 'cdn.getunleash.io'],
defaultSrc: ["'self'", 'cdn.getunleash.io', 'gravatar.com'],
fontSrc: [
"'self'",
'cdn.getunleash.io',
@ -37,6 +37,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
],
},
},
crossOriginEmbedderPolicy: false,
});
}
return (req, res, next) => {

View File

@ -24,6 +24,7 @@ process.nextTick(async () => {
},
logLevel: LogLevel.debug,
enableOAS: true,
// secureHeaders: true,
versionCheck: {
enable: false,
},