fix(sim): allow jsdelivr script under helmet CSP

2026-01-28 11:15:00 +00:00
parent 8c902f989f
commit f6d3b8a551
1 changed files with 9 additions and 1 deletions
--- a/Backend/index.ts
+++ b/Backend/index.ts
@@ -43,7 +43,15 @@ app.use('/docs', swaggerUi.serve, swaggerUi.setup(openApiDocument));

 app.all('/api/auth/*splat', toNodeHandler(auth));

-app.use(helmet());
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        scriptSrc: ["'self'", 'https://cdn.jsdelivr.net'],
+      },
+    },
+  }),
+);
 app.use(
  cors({
    origin: trustedOrigins.length > 0 ? trustedOrigins : true,