Closed mkevinosullivan closed 1 year ago
Template doesn't explicitly set Content-Security-Policy header via the Express.js library's cspHeaders middleware.
Content-Security-Policy
cspHeaders
Note that ensureInstalledOnShop also adds the header internally, which is why the vanilla template works as-is.
ensureInstalledOnShop
Fixes #1239
This commit adds the cspHeaders middleware to the app stack.
README.md
WHY are these changes introduced?
Template doesn't explicitly set
Content-Security-Policyheader via the Express.js library'scspHeadersmiddleware.Note that
ensureInstalledOnShopalso adds the header internally, which is why the vanilla template works as-is.Fixes #1239
WHAT is this pull request doing?
This commit adds the
cspHeadersmiddleware to the app stack.Checklist
README.mdfile and other related documentation, if applicable