From 70cf5e1705997f8183dfebf24a1042409ddec664 Mon Sep 17 00:00:00 2001
From: julien vdb <julien@dropinadventure.com>
Date: Fri, 28 Mar 2025 16:48:57 +0100
Subject: [PATCH] Fix CSP middleware

---
 config/env/production/middlewares.ts | 40 ++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 config/env/production/middlewares.ts

diff --git a/config/env/production/middlewares.ts b/config/env/production/middlewares.ts
new file mode 100644
index 0000000..963389c
--- /dev/null
+++ b/config/env/production/middlewares.ts
@@ -0,0 +1,40 @@
+export default [
+  "strapi::logger",
+  "strapi::errors",
+  //'strapi::security',
+  {
+    name: "strapi::security",
+    config: {
+      contentSecurityPolicy: {
+        useDefaults: true,
+        directives: {
+          "connect-src": ["'self'", "https:"],
+          "img-src": [
+            "'self'",
+            "data:",
+            "blob:",
+            "market-assets.strapi.io",
+            "192.168.0.211:9000",
+            "beyonder.synology.me:9000",
+          ],
+          "media-src": [
+            "'self'",
+            "data:",
+            "blob:",
+            "market-assets.strapi.io",
+            "192.168.0.211:9000",
+            "beyonder.synology.me:9000",
+          ],
+          upgradeInsecureRequests: null,
+        },
+      },
+    },
+  },
+  "strapi::cors",
+  "strapi::poweredBy",
+  "strapi::query",
+  "strapi::body",
+  "strapi::session",
+  "strapi::favicon",
+  "strapi::public",
+];