Add object src to csp

2025-12-06 11:36:58 +03:00 · 2021-05-06 16:14:11 -04:00
parent cd66399049
commit 60a118f391
1 changed files with 1 additions and 1 deletions
--- a/src/middleware/apiCsp.ts
+++ b/src/middleware/apiCsp.ts
@@ -1,6 +1,6 @@
 import {NextFunction, Request, Response} from 'express';

 export function apiCspMiddleware(req: Request, res: Response, next: NextFunction) {
-    res.header("Content-Security-Policy", "script-src 'none'");
+    res.header("Content-Security-Policy", "script-src 'none'; object-src 'none'");
    next();
 }