aimond/sapiens-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable script evaluation for production environments to prevent CSP errors

Browse Source 
Add CSP headers in production to include 'unsafe-eval' and 'unsafe-inline' in script-src and style-src directives.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 069d4324-6c40-4355-955e-c714a50de1ea
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/3df548ff-50ae-432f-9be4-25d34eccc983/069d4324-6c40-4355-955e-c714a50de1ea/yHCvWBg
This commit is contained in:
kimjaehyeon0101
2025-09-29 22:34:35 +00:00
parent aae07ee9f2
commit caf6fcdf80
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
server/index.ts
View File

@ -3,6 +3,18 @@ import { registerRoutes } from "./routes";
import { setupVite, serveStatic, log } from "./vite";
const app = express();
// Add CSP headers for production to allow eval (needed for some frameworks)
if (process.env.NODE_ENV === "production") {
app.use((_req, res, next) => {
res.setHeader(
"Content-Security-Policy",
"default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'"
);
next();
});
}
app.use(express.json());
app.use(express.urlencoded({ extended: false }));