I think removing helmet is a solid solution as our cloud providers already provide these common XSS headers. It's causing local development grief and adds extra complication that is already being handled by the cloud provider.
We should revisit CSP headers at a later time though.
I think removing helmet is a solid solution as our cloud providers already provide these common XSS headers. It's causing local development grief and adds extra complication that is already being handled by the cloud provider.
We should revisit CSP headers at a later time though.