fix: make sure our CSP allow gravatar.com for images

src/lib/middleware/secure-headers.ts

@@ -13,7 +13,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
             },
             contentSecurityPolicy: {
                 directives: {
-                    defaultSrc: ["'self'", 'cdn.getunleash.io'],
+                    defaultSrc: ["'self'", 'cdn.getunleash.io', 'gravatar.com'],
                     fontSrc: [
                         "'self'",
                         'cdn.getunleash.io',
@@ -37,6 +37,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
                     ],
                 },
             },
+            crossOriginEmbedderPolicy: false,
         });
     }
     return (req, res, next) => {

src/server-dev.ts

@@ -24,6 +24,7 @@ process.nextTick(async () => {
                 },
                 logLevel: LogLevel.debug,
                 enableOAS: true,
+                // secureHeaders: true,
                 versionCheck: {
                     enable: false,
                 },