From 39492403ad60f2395c65e0ad665a223870f92ec3 Mon Sep 17 00:00:00 2001
From: Julian Krauser
Date: Sun, 2 Mar 2025 08:36:01 +0100
Subject: [PATCH] change: content-security-policy
---
 config/middlewares.ts | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)

diff --git a/config/middlewares.ts b/config/middlewares.ts
index 9e6e51e..4c6e846 100644
--- a/config/middlewares.ts
+++ b/config/middlewares.ts
@@ -1,13 +1,26 @@
 export default [
- 'strapi::logger',
- 'strapi::errors',
- 'strapi::security',
- 'strapi::cors',
- 'strapi::poweredBy',
- 'strapi::query',
- 'strapi::body',
- 'strapi::session',
- 'strapi::favicon',
- 'strapi::public',
- 'global::deepPopulate'
+ "strapi::logger",
+ "strapi::errors",
+ // "strapi::security",
+ {
+ name: "strapi::security",
+ config: {
+ contentSecurityPolicy: {
+ useDefaults: true,
+ directives: {
+ "script-src": ["'self'", "https:", "http:"],
+ "frame-src": ["'self'", "https:", "http:"],
+ "frame-ancestors": ["'self'", "https:", "http:"],
+ },
+ },
+ },
+ },
+ "strapi::cors",
+ "strapi::poweredBy",
+ "strapi::query",
+ "strapi::body",
+ "strapi::session",
+ "strapi::favicon",
+ "strapi::public",
+ "global::deepPopulate",
 ];
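Review bot: The three directives added under `contentSecurityPolicy.directives` list the bare schemes `https:` and `http:`, which match any host, so `script-src` no longer restricts where scripts may be loaded from and `frame-ancestors` lets any site embed the app in a frame, which removes the clickjacking protection the directive is meant to give. `http:` additionally admits cleartext sources whose content can be altered in transit. Each directive should name only the origins that are actually needed, for example `"script-src": ["'self'", "https://<trusted-script-host>"],` and `"frame-ancestors": ["'self'", "https://<embedding-site>"],` (placeholder hosts), with a short comment saying why each origin is allowed. The commented-out `// "strapi::security",` line can be dropped, since the object entry right below it replaces it.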