When running with the Node environment set to production, the server enables Helmet, which adds several headers that are important for web app security.
With the expectation that the app currently doesn't support HTTPS, this PR intentionally disables the Content Security Policy upgrade-insecure-requests header such that the app can be loaded over HTTP even off localhost.
This change doesn't preclude running the app with HTTPS.
It's worth noting that the app already has no access control and thus should only be hosted either locally or on private/trusted local networks anyways. The server does not expose plaintext secrets, but the client does send secret values in plaintext to the server to save them.
Other minor fixes in this PR:
Add the server env files directory as a volume in docker-compose.yml
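The effect of the Helmet change on the resulting header, shown as an added example that is not part of this PR: Helmet is not imported, buildCsp reproduces Helmet's documented rule that a directive set to null is dropped from the defaults, and the default directive list and the helmet() options shape are assumptions, since the diff itself is not shown here.

```javascript
// Helmet's default CSP directives (assumption: Helmet 5 and later); Helmet
// itself is not imported here so the example runs offline.
const HELMET_DEFAULT_DIRECTIVES = {
  "default-src": ["'self'"],
  "base-uri": ["'self'"],
  "font-src": ["'self'", "https:", "data:"],
  "form-action": ["'self'"],
  "frame-ancestors": ["'self'"],
  "img-src": ["'self'", "data:"],
  "object-src": ["'none'"],
  "script-src": ["'self'"],
  "script-src-attr": ["'none'"],
  "style-src": ["'self'", "https:", "'unsafe-inline'"],
  "upgrade-insecure-requests": [],
};

// Merge overrides into the defaults and serialise a Content-Security-Policy
// header value, following Helmet's documented rule that a directive set to
// null is removed from the defaults.
function buildCsp(overrides = {}) {
  const directives = { ...HELMET_DEFAULT_DIRECTIVES };
  for (const [name, value] of Object.entries(overrides)) {
    if (value === null) delete directives[name];
    else directives[name] = value;
  }
  return Object.entries(directives)
    .map(([name, values]) => [name, ...values].join(" "))
    .join(";");
}

// Check a CSP header value (e.g. taken from `curl -sI http://host:port`) for
// upgrade-insecure-requests, which makes browsers rewrite the page's http://
// requests to https:// and so breaks an HTTP-only deployment reached off localhost.
function cspUpgradesInsecureRequests(headerValue) {
  return headerValue
    .split(";")
    .map((d) => d.trim().split(/\s+/)[0].toLowerCase())
    .includes("upgrade-insecure-requests");
}

// The PR's intent as helmet() options (assumed form; the diff is not shown here).
const helmetOptionsForHttp = {
  contentSecurityPolicy: { directives: { "upgrade-insecure-requests": null } },
};

const defaultHeader = buildCsp();
const httpHeader = buildCsp(helmetOptionsForHttp.contentSecurityPolicy.directives);
console.log(cspUpgradesInsecureRequests(defaultHeader)); // true
console.log(cspUpgradesInsecureRequests(httpHeader)); // false
```

Running cspUpgradesInsecureRequests against the header a deployed instance actually returns is a quick way to confirm the production build ships without the directive while the other Helmet defaults remain.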