From fa09969a591740e241100ad3c283a939b55a84b7 Mon Sep 17 00:00:00 2001
From: Jure Triglav <juretriglav@gmail.com>
Date: Fri, 19 Mar 2021 05:23:37 +0100
Subject: [PATCH] fix: disable content security policy

---
 server/app.js | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/server/app.js b/server/app.js
index 8ca5ea0c69..671c6fce52 100644
--- a/server/app.js
+++ b/server/app.js
@@ -7,7 +7,7 @@ require('dotenv').config({ path: path.join(__dirname, '../.env') })
 const config = require('config')
 const express = require('express')
 const morgan = require('morgan')
-const helmet = require('helmet')
+// const helmet = require('helmet')
 const cookieParser = require('cookie-parser')
 const bodyParser = require('body-parser')
 const passport = require('passport')
@@ -49,12 +49,13 @@ const configureApp = app => {
 
   app.use(bodyParser.urlencoded({ extended: false }))
   app.use(cookieParser())
-  app.use(
-    helmet({
-      contentSecurityPolicy:
-        process.env.NODE_ENV === 'production' ? undefined : false, // Disable contentSecurityPolicy for non-prod use, so GraphQl Playground works
-    }),
-  )
+  // TODO: With this requests all try to go to https even when it does not exist
+  // app.use(
+  //   helmet({
+  //     contentSecurityPolicy:
+  //       process.env.NODE_ENV === 'production' ? undefined : false, // Disable contentSecurityPolicy for non-prod use, so GraphQl Playground works
+  //   }),
+  // )
   app.use(express.static(path.resolve('.', '_build')))
 
   app.use('/public', express.static(path.resolve(__dirname, '../public')))
-- 
GitLab