github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-03 03:00:39 -04:00
Code Issues Packages Projects Releases Wiki Activity

Ensure prod app can run

Browse Source
This commit is contained in:
rijkvanzanten
2021-12-30 18:07:06 -05:00
parent ec86d5412d
commit 98cf1349fd
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
api/src/app.ts
View File

@@ -55,6 +55,7 @@ import { flushCaches } from './cache';
import { registerAuthProviders } from './auth';
import { Url } from './utils/url';
import { getConfigFromEnv } from './utils/get-config-from-env';
import { merge } from 'lodash';
export default async function createApp(): Promise<express.Application> {
validateEnv(['KEY', 'SECRET']);
@@ -91,7 +92,20 @@ export default async function createApp(): Promise<express.Application> {
app.set('trust proxy', env.IP_TRUST_PROXY);
app.set('query parser', (str: string) => qs.parse(str, { depth: 10 }));
app.use(helmet.contentSecurityPolicy(getConfigFromEnv('CONTENT_SECURITY_POLICY_')));
app.use(
helmet.contentSecurityPolicy(
merge(
{
useDefaults: true,
directives: {
// Unsafe-eval is required for vue3 / vue-i18n / app extensions
scriptSrc: ["'self'", "'unsafe-eval'"],
},
},
getConfigFromEnv('CONTENT_SECURITY_POLICY_')
)
)
);
await emitter.emitInit('app.before', { app });