diff --git a/services/web/app/src/infrastructure/CSP.js b/services/web/app/src/infrastructure/CSP.js
index 4f4c216f97..e8f9a90940 100644
--- a/services/web/app/src/infrastructure/CSP.js
+++ b/services/web/app/src/infrastructure/CSP.js
@@ -93,4 +93,10 @@ function relativeViewPath(view) {
 : path.join('app', 'views', view)
 }
 
+function removeCSPHeaders(res) {
+ res.removeHeader('Content-Security-Policy')
+ res.removeHeader('Content-Security-Policy-Report-Only')
+}
+
 module.exports.buildDefaultPolicy = buildDefaultPolicy
+module.exports.removeCSPHeaders = removeCSPHeaders
diff --git a/services/web/app/src/infrastructure/Server.js b/services/web/app/src/infrastructure/Server.js
index c00e2ce175..a3f4272dc8 100644
--- a/services/web/app/src/infrastructure/Server.js
+++ b/services/web/app/src/infrastructure/Server.js
@@ -121,11 +121,13 @@ webRouter.get(
 '/serviceWorker.js',
 express.static(Path.join(__dirname, '/../../../public'), {
 maxAge: oneDayInMilliseconds,
+ setHeaders: csp.removeCSPHeaders,
 })
 )
 webRouter.use(
 express.static(Path.join(__dirname, '/../../../public'), {
 maxAge: STATIC_CACHE_AGE,
+ setHeaders: csp.removeCSPHeaders,
 })
 )
 app.set('views', Path.join(__dirname, '/../../views'))
diff --git a/services/web/webpack.config.dev.js b/services/web/webpack.config.dev.js
index 6f4b010aae..104f3cf37a 100644
--- a/services/web/webpack.config.dev.js
+++ b/services/web/webpack.config.dev.js
@@ -3,7 +3,6 @@ const merge = require('webpack-merge') const MiniCssExtractPlugin = require('mini-css-extract-plugin') const base = require('./webpack.config') -const { buildDefaultPolicy } = require('./app/src/infrastructure/CSP') module.exports = merge(base, { mode: 'development',
@@ -31,10 +30,6 @@ module.exports = merge(base, { port: 3808, public: 'www.dev-overleaf.com:443', - headers: { - 'Content-Security-Policy': buildDefaultPolicy(), - }, - // Customise output to the (node) console stats: { colors: true, // Enable some coloured highlighting
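Review bot: `removeCSPHeaders` is exported without any comment on when dropping the policy is acceptable, so nothing stops a later caller from wiring it onto a route that returns HTML. It takes only `res`, while express.static calls `setHeaders` with `(res, path, stat)`; that works, but it is worth stating that the helper is written for that hook. I would add above the function: `// express.static setHeaders hook: drops both CSP headers from static asset responses. Not for routes that render documents.` Whether the headers are already set on the response when the static middleware runs is not visible in this hunk.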
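Review bot: Both `setHeaders: csp.removeCSPHeaders` lines in Server.js strip the policy from every file under `public/` regardless of type, and that includes the `/serviceWorker.js` response. A worker takes its CSP from its own script response rather than from the page, and any `.html` or `.svg` file in that directory would load as a document with no policy at all; the directory contents are not visible here, so this may be moot. If such files can exist, gate the removal on the path, e.g. `setHeaders: (res, filePath) => { if (!/\.(html?|svg)$/i.test(filePath)) csp.removeCSPHeaders(res) }`, and consider leaving the service worker route's headers in place. The `webRouter.get(` call starts above the hunk.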