Fix content security policy (why?)

2024-02-02 16:51:11 +02:00 · 2024-02-02 16:51:11 +02:00 · da2759c055
parent b1a7e04158
commit da2759c055
1 changed files with 4 additions and 1 deletions
--- a/strapi/config/middlewares.ts
+++ b/strapi/config/middlewares.ts
@ -7,7 +7,10 @@ export default [
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
-          'connect-src': ["'self'", 'http:', 'https:'],
+          'connect-src': ["'self'", 'https:'],
+	  'script-src': ["'self'", "'unsafe-inline'", 'api.enderman.ch', 'cdn.jsdelivr.net'],
+          'img-src': ["'self'", 'data:', 'blob:', 'api.enderman.ch', 'cdn.jsdelivr.net', 'strapi.io'],
+	  'media-src': ["'self'", 'data:', 'blob:', 'api.enderman.ch'],
          upgradeInsecureRequests: null,
        },
      },