fix: make sure our CSP allow gravatar.com for images

2025-10-27 11:02:16 +01:00 · 2022-01-12 23:22:04 +01:00 · 2022-01-12 23:22:04 +01:00 · 4a5b332567
commit 4a5b332567
parent 12e78663b0
2 changed files with 3 additions and 1 deletions
--- a/src/lib/middleware/secure-headers.ts
+++ b/src/lib/middleware/secure-headers.ts
@ -13,7 +13,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
            },
            contentSecurityPolicy: {
                directives: {
-                    defaultSrc: ["'self'", 'cdn.getunleash.io'],
+                    defaultSrc: ["'self'", 'cdn.getunleash.io', 'gravatar.com'],
                    fontSrc: [
                        "'self'",
                        'cdn.getunleash.io',
@ -37,6 +37,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
                    ],
                },
            },
+            crossOriginEmbedderPolicy: false,
        });
    }
    return (req, res, next) => {
--- a/src/server-dev.ts
+++ b/src/server-dev.ts
@ -24,6 +24,7 @@ process.nextTick(async () => {
                },
                logLevel: LogLevel.debug,
                enableOAS: true,
+                // secureHeaders: true,
                versionCheck: {
                    enable: false,
                },