frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed
workerSrc: ["'self'", 'blob:'] // instead of deprecated child-src
},
frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed
workerSrc: ["'self'", 'blob:'] // instead of deprecated child-src
},
CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {}
)
const baseCSP = helmet.contentSecurityPolicy({
directives: baseDirectives,
browserSniff: false,
CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {}
)
const baseCSP = helmet.contentSecurityPolicy({
directives: baseDirectives,
browserSniff: false,