Merge pull request #18732 from overleaf/jpa-server-pro-csp

[server-ce] enable CSP by default in Server CE/Pro

GitOrigin-RevId: 8c7664a39f688a748f33e3158b594b9368457661
This commit is contained in:
Jakob Ackermann 2024-06-05 13:58:54 +02:00 committed by Copybot
parent dd7970c11d
commit 06607b5c51

View file

@ -208,6 +208,10 @@ const settings = {
process.env.OVERLEAF_SESSION_SECRET || process.env.CRYPTO_RANDOM, process.env.OVERLEAF_SESSION_SECRET || process.env.CRYPTO_RANDOM,
}, },
csp: {
enabled: process.env.OVERLEAF_CSP_ENABLED !== 'false',
},
// These credentials are used for authenticating api requests // These credentials are used for authenticating api requests
// between services that may need to go over public channels // between services that may need to go over public channels
httpAuthUsers, httpAuthUsers,