removed all cors statemnts

2025-10-29 00:34:12 +01:00
parent 663eb61352
commit 1231c8362f
2 changed files with 17 additions and 138 deletions


@@ -22,6 +22,8 @@ const app = express();
const PORT = 3002;
const isDevelopment = process.env.NODE_ENV === 'development';
app.set('trust proxy', true);
// Security configuration
if (process.env.NODE_ENV === 'production') {
console.info('Checking for JWT_SECRET');
@@ -34,14 +36,20 @@ if (process.env.NODE_ENV === 'production') {
// Security headers
app.use(helmet({
contentSecurityPolicy: isDevelopment ? false : {
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
styleSrc: ["'self'", "'unsafe-inline'"],
imgSrc: ["'self'", "data:", "https:"],
connectSrc: ["'self'"],
fontSrc: ["'self'"],
objectSrc: ["'none'"],
mediaSrc: ["'self'"],
frameSrc: ["'none'"],
},
},
hsts: false,
crossOriginEmbedderPolicy: false
}));
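Review bot: `hsts: false` in the helmet options switches off Strict-Transport-Security in every environment, production included, and nothing on the page says the header is set elsewhere. The +/- markers are lost in this rendering, so this assumes the line is on the new side; if TLS terminates at the reverse proxy implied by `app.set('trust proxy', true)` and the proxy sends the header, a comment such as `// HSTS is set by the reverse proxy` would record that, otherwise `hsts: isDevelopment ? false : { maxAge: 31536000 },` keeps it on outside development. In the same block `scriptSrc` allows `'unsafe-inline'`, which removes most of the policy's protection against injected script; a nonce or hash source would be tighter if the front end permits it. In the first hunk, `trust proxy` set to `true` makes Express take the client address from `X-Forwarded-For` whoever sent it, so `req.ip` is only reliable if the app is reachable solely through the proxy; a hop count such as `app.set('trust proxy', 1)` is narrower.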