Fix CSP middleware

2025-03-28 16:48:57 +01:00
parent c6d5936639
commit 70cf5e1705
1 changed files with 40 additions and 0 deletions
--- a/config/env/production/middlewares.ts
+++ b/config/env/production/middlewares.ts
@@ -0,0 +1,40 @@
+export default [
+  "strapi::logger",
+  "strapi::errors",
+  //'strapi::security',
+  {
+    name: "strapi::security",
+    config: {
+      contentSecurityPolicy: {
+        useDefaults: true,
+        directives: {
+          "connect-src": ["'self'", "https:"],
+          "img-src": [
+            "'self'",
+            "data:",
+            "blob:",
+            "market-assets.strapi.io",
+            "192.168.0.211:9000",
+            "beyonder.synology.me:9000",
+          ],
+          "media-src": [
+            "'self'",
+            "data:",
+            "blob:",
+            "market-assets.strapi.io",
+            "192.168.0.211:9000",
+            "beyonder.synology.me:9000",
+          ],
+          upgradeInsecureRequests: null,
+        },
+      },
+    },
+  },
+  "strapi::cors",
+  "strapi::poweredBy",
+  "strapi::query",
+  "strapi::body",
+  "strapi::session",
+  "strapi::favicon",
+  "strapi::public",
+];