feat(core): Allow specifying Content-Security-Policy-Report-Only (#15805)

Mike Arvela
2025-05-29 09:26:24 +03:00
committed by GitHub
parent e860dd6d2e
commit c12784600f
3 changed files with 9 additions and 0 deletions


@@ -354,11 +354,13 @@ export class Server extends AbstractServer {
errorMessage: 'The contentSecurityPolicy is not valid JSON.',
},
);
const cspReportOnly = Container.get(SecurityConfig).contentSecurityPolicyReportOnly;
const securityHeadersMiddleware = helmet({
contentSecurityPolicy: isEmpty(cspDirectives)
? false
: {
useDefaults: false,
reportOnly: cspReportOnly,
directives: {
...cspDirectives,
},