modified: backend/src/server.ts

2025-10-07 00:25:09 +03:00
parent d02325ca29
commit 548b7b35c0
1 changed files with 7 additions and 17 deletions
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@@ -26,23 +26,13 @@ const app: Express = express();
 // Trust proxy if behind reverse proxy (nginx, apache, etc)
 app.set('trust proxy', true);

-// Middleware
-app.use(helmet({
-  contentSecurityPolicy: config.nodeEnv === 'production' ? {
-    directives: {
-      defaultSrc: ["'self'"],
-      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", "blob:"],
-      workerSrc: ["'self'", "blob:"],
-      styleSrc: ["'self'", "'unsafe-inline'"],
-      imgSrc: ["'self'", "data:", "blob:"],
-      fontSrc: ["'self'", "data:"],
-      connectSrc: ["'self'"],
-    },
-  } : false,
-  crossOriginOpenerPolicy: false,
-  crossOriginResourcePolicy: false,
-  crossOriginEmbedderPolicy: false,
-}));
+// Middleware - Helmet disabled for HTTP internal use
+// app.use(helmet({
+//   contentSecurityPolicy: false,
+//   crossOriginOpenerPolicy: false,
+//   crossOriginResourcePolicy: false,
+//   crossOriginEmbedderPolicy: false,
+// }));
 app.use(cors());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));