1 files changed, 9 insertions, 7 deletions
diff --git a/server.ts b/server.ts
index b50151859..c450d5b6e 100644
--- a/server.ts
+++ b/server.ts
@@ -55,13 +55,15 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
 // Security middleware
 import { baseCSP } from './server/middlewares'
-app.use(baseCSP)
+if (CONFIG.CSP.ENABLED) {
-app.use(helmet({
+  app.use(baseCSP)
-  frameguard: {
+  app.use(helmet({
-    action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
+    frameguard: {
-  },
+      action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
-  hsts: false
+    },
-}))
+    hsts: false
+  }))
+}
 // ----------- Database -----------

diff --git a/server.ts b/server.ts index b50151859..c450d5b6e 100644 --- a/server.ts +++ b/server.ts
@@ -55,13 +55,15 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
55	// Security middleware	55	// Security middleware
56	import { baseCSP } from './server/middlewares'	56	import { baseCSP } from './server/middlewares'
57		57
58	app.use(baseCSP)	58	if (CONFIG.CSP.ENABLED) {
59	app.use(helmet({	59	app.use(baseCSP)
60	frameguard: {	60	app.use(helmet({
61	action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts	61	frameguard: {
62	},	62	action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
63	hsts: false	63	},
64	}))	64	hsts: false
		65	}))
		66	}
65		67
66	// ----------- Database -----------	68	// ----------- Database -----------
67		69