From 548b7b35c099c162af46ddafe8cf499604d720b0 Mon Sep 17 00:00:00 2001
From: GEgorov <GEgorov@ncms-i.ru>
Date: Tue, 7 Oct 2025 00:25:09 +0300
Subject: [PATCH] 	modified:   backend/src/server.ts

---
 backend/src/server.ts | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/backend/src/server.ts b/backend/src/server.ts
index 1955c86..f0f5a70 100644
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@@ -26,23 +26,13 @@ const app: Express = express();
 // Trust proxy if behind reverse proxy (nginx, apache, etc)
 app.set('trust proxy', true);
 
-// Middleware
-app.use(helmet({
-  contentSecurityPolicy: config.nodeEnv === 'production' ? {
-    directives: {
-      defaultSrc: ["'self'"],
-      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", "blob:"],
-      workerSrc: ["'self'", "blob:"],
-      styleSrc: ["'self'", "'unsafe-inline'"],
-      imgSrc: ["'self'", "data:", "blob:"],
-      fontSrc: ["'self'", "data:"],
-      connectSrc: ["'self'"],
-    },
-  } : false,
-  crossOriginOpenerPolicy: false,
-  crossOriginResourcePolicy: false,
-  crossOriginEmbedderPolicy: false,
-}));
+// Middleware - Helmet disabled for HTTP internal use
+// app.use(helmet({
+//   contentSecurityPolicy: false,
+//   crossOriginOpenerPolicy: false,
+//   crossOriginResourcePolicy: false,
+//   crossOriginEmbedderPolicy: false,
+// }));
 app.use(cors());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));