Update dependencies, enhance security headers, and add brand information to translations

- Updated various dependencies in package.json and package-lock.json for improved performance and security.
- Changed Cross-Origin-Embedder-Policy from 'require-corp' to 'credentialless' in server.js and nginx.conf for better compatibility.
- Extended the Content-Security-Policy with the chat origin (https://chat.365devnet.eu) in script-src, connect-src (including wss://) and frame-src, and added a script nonce to script-src.
- Added brand information to translations for multiple languages, improving localization and user experience.
- Introduced a new BrandMarquee component in the homepage layout to showcase brands effectively.
2025-11-04 23:35:04 +01:00
parent 0dd0ae2bd2
commit f7645b7b25
13 changed files with 1627 additions and 63 deletions


@@ -20,12 +20,12 @@ app.use((req, res, next) => {
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp');
res.setHeader('Cross-Origin-Embedder-Policy', 'credentialless');
// Gate SSR CSP to avoid breaking inline scripts unless explicitly enabled
if (process.env.ENABLE_SSR_CSP === '1') {
res.setHeader(
'Content-Security-Policy',
"default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.pixabay.com https://raw.githubusercontent.com; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
"default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'nonce-astro' https://chat.365devnet.eu; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.pixabay.com https://raw.githubusercontent.com; font-src 'self' data:; connect-src 'self' https://chat.365devnet.eu wss://chat.365devnet.eu; frame-src https://chat.365devnet.eu; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
);
}
next();
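Review bot: The `'nonce-astro'` added to script-src in the new Content-Security-Policy line is a fixed, guessable nonce, which defeats the point of a nonce: any injected `<script nonce="astro">` executes, so this gives none of the protection the comment above ("avoid breaking inline scripts") is trading for. A nonce must be unpredictable and minted per response, e.g. `randomBytes(16).toString('base64')` from `node:crypto` (import needed at the top of server.js, outside this hunk), kept on `res.locals` and rendered into each inline `<script>` by the SSR layer, which also lives outside this hunk and needs a matching change; if nginx.conf carries the same literal, as the description suggests, it has the same problem and the header should be emitted from one place only. Switching COEP to `credentialless` presumably also forfeits cross-origin isolation in browsers that do not implement it, which only matters if the WASM permitted by `'wasm-unsafe-eval'` relies on SharedArrayBuffer — worth confirming before shipping. The middleware function begins before this hunk.
```javascript
// Fresh per response: a constant nonce lets any injected <script nonce="…"> run.
const cspNonce = randomBytes(16).toString('base64');
res.locals.cspNonce = cspNonce; // SSR must render nonce="${cspNonce}" on every inline <script>
if (process.env.ENABLE_SSR_CSP === '1') {
  res.setHeader(
    'Content-Security-Policy',
    `default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'nonce-${cspNonce}' https://chat.365devnet.eu; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.pixabay.com https://raw.githubusercontent.com; font-src 'self' data:; connect-src 'self' https://chat.365devnet.eu wss://chat.365devnet.eu; frame-src https://chat.365devnet.eu; frame-ancestors 'none'; base-uri 'self'; form-action 'self'`
  );
}
```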