Default to upgrade-insecure-requests turned off (#10830)

Fixes #10806
2026-04-03 03:00:39 -04:00 · 2022-01-03 16:09:30 -05:00
parent 66b8e1f3d3
commit 4c1ac51e8b
1 changed files with 5 additions and 0 deletions
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -100,6 +100,11 @@ export default async function createApp(): Promise<express.Application> {
 					directives: {
 						// Unsafe-eval is required for vue3 / vue-i18n / app extensions
 						scriptSrc: ["'self'", "'unsafe-eval'"],
+
+						// Even though this is recommended to have enabled, it breaks most local
+						// installations. Making this opt-in rather than opt-out is a little more
+						// friendly. Ref #10806
+						upgradeInsecureRequests: null,
 					},
 				},
 				getConfigFromEnv('CONTENT_SECURITY_POLICY_')