🛡️ fix: Temporarily Remove CSP until Configurable (#7419)

Danny Avila 2025-05-16 09:16:32 -04:00 committed by GitHub
parent 2a3bf259aa
commit a92ac23c44
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -2,7 +2,6 @@ require('dotenv').config();
const path = require('path');
require('module-alias')({ base: path.resolve(__dirname, '..') });
const cors = require('cors');
const helmet = require('helmet');
const axios = require('axios');
const express = require('express');
const compression = require('compression');
@ -23,15 +22,7 @@ const staticCache = require('./utils/staticCache');
const noIndex = require('./middleware/noIndex');
const routes = require('./routes');
const {
PORT,
HOST,
ALLOW_SOCIAL_LOGIN,
DISABLE_COMPRESSION,
TRUST_PROXY,
SANDPACK_BUNDLER_URL,
SANDPACK_STATIC_BUNDLER_URL,
} = process.env ?? {};
const { PORT, HOST, ALLOW_SOCIAL_LOGIN, DISABLE_COMPRESSION, TRUST_PROXY } = process.env ?? {};
const port = Number(PORT) || 3080;
const host = HOST || 'localhost';
@ -64,36 +55,6 @@ const startServer = async () => {
app.use(mongoSanitize());
app.use(cors());
app.use(cookieParser());
app.use(
helmet({
contentSecurityPolicy: {
useDefaults: false,
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'", 'https://challenges.cloudflare.com'],
styleSrc: ["'self'", "'unsafe-inline'"],
fontSrc: ["'self'", 'data:'],
objectSrc: ["'none'"],
imgSrc: ["'self'", 'data:'],
mediaSrc: ["'self'", 'data:', 'blob:'],
connectSrc: ["'self'"],
frameSrc: [
"'self'",
'https://challenges.cloudflare.com',
'https://codesandbox.io',
...(SANDPACK_BUNDLER_URL ? [SANDPACK_BUNDLER_URL] : []),
...(SANDPACK_STATIC_BUNDLER_URL ? [SANDPACK_STATIC_BUNDLER_URL] : []),
],
frameAncestors: [
"'self'",
'https://codesandbox.io',
...(SANDPACK_BUNDLER_URL ? [SANDPACK_BUNDLER_URL] : []),
...(SANDPACK_STATIC_BUNDLER_URL ? [SANDPACK_STATIC_BUNDLER_URL] : []),
],
},
},
}),
);
if (!isEnabled(DISABLE_COMPRESSION)) {
app.use(compression());