diff --git a/src/lib/middleware/secure-headers.ts b/src/lib/middleware/secure-headers.ts
index cd5102378b..f674e97989 100644
--- a/src/lib/middleware/secure-headers.ts
+++ b/src/lib/middleware/secure-headers.ts
@@ -13,7 +13,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
 },
 contentSecurityPolicy: {
 directives: {
- defaultSrc: ["'self'", 'cdn.getunleash.io'],
+ defaultSrc: ["'self'", 'cdn.getunleash.io', 'gravatar.com'],
 fontSrc: [
 "'self'",
 'cdn.getunleash.io',
@@ -37,6 +37,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
 ],
 },
 },
+ crossOriginEmbedderPolicy: false,
 });
 }
 return (req, res, next) => {
diff --git a/src/server-dev.ts b/src/server-dev.ts
index 2d29a49676..f408dfaec2 100644
--- a/src/server-dev.ts
+++ b/src/server-dev.ts
@@ -24,6 +24,7 @@ process.nextTick(async () => {
 },
 logLevel: LogLevel.debug,
 enableOAS: true,
+ // secureHeaders: true,
 versionCheck: {
 enable: false,
 },
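Review bot: Adding `'gravatar.com'` to `defaultSrc` in the first hunk widens the fallback for every fetch directive the policy does not list explicitly, which may include script, connect or frame sources depending on what the rest of the directives define. If the host is only needed for avatar images, scope it to them: keep `defaultSrc: ["'self'", 'cdn.getunleash.io'],` and list the host in an image directive such as `imgSrc: ["'self'", 'cdn.getunleash.io', 'gravatar.com'],`, or append it to `imgSrc` if the directives outside this hunk already define one. A bare host source matches only that exact host, so avatar URLs served from a subdomain would still be blocked; the avatar URL format is not visible here. The `directives` object continues outside the hunk.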
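Review bot: `crossOriginEmbedderPolicy: false` in the second hunk turns the COEP header off for every response and carries no explanation, so a later reader cannot tell whether it is a deliberate trade-off or a leftover. Presumably it is needed because a `require-corp` policy blocks cross-origin avatar images served without CORP or CORS headers. If so, say that in a comment above the option, e.g. `// COEP disabled: require-corp blocks cross-origin avatar images; revisit if cross-origin isolation is needed`. The options object and the enclosing `secureHeaders` function start and end outside this hunk.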
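Review bot: The added `// secureHeaders: true,` in `src/server-dev.ts` is commented-out configuration with no explanation. The dev server presumably still starts without the security headers, so the CSP and COEP changes in this commit are not exercised locally by default. Either enable the option in the dev config or replace the dead line with a comment that says when to turn it on, e.g. `// set secureHeaders: true to test the CSP/COEP headers locally`. The default value of `secureHeaders` is not visible in this hunk.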