fix(CSP): unsafe-eval in default-src

2025-12-13 04:37:36 +01:00 · 2025-12-12 16:56:24 -06:00
parent f51f0a0c93
commit 023d9886c8
1 changed files with 1 additions and 3 deletions
--- a/website/server/middlewares/index.js
+++ b/website/server/middlewares/index.js
@@ -69,6 +69,7 @@ export default function attachMiddlewares (app, server) {
    contentSecurityPolicy: {
      directives: {
        defaultSrc: [
+          '\'unsafe-eval\'',
          '*.amazonaws.com',
          '*.habitica.com',
          'cloudfront.loggly.com',
@@ -77,9 +78,6 @@ export default function attachMiddlewares (app, server) {
          'static-na.payments-amazon.com',
        ],
        imgSrc: '*',
-        scriptSrc: [
-          '\'unsafe-eval\'',
-        ],
        upgradeInsecureRequests: IS_PROD ? [] : null,
      },
    },