fix(security): remove CSP header from API responses

CSP has no effect on JSON responses and was exposing internal
domains (Umami, Supabase, logo.dev) on public endpoints.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Felipe Coutinho
2026-04-21 14:44:18 +00:00
parent 74dda549f5
commit 5b03824a72


@@ -101,7 +101,9 @@ export default async function proxy(request: NextRequest) {
}
const response = NextResponse.next();
response.headers.set("Content-Security-Policy", buildCsp());
if (!pathname.startsWith("/api/")) {
response.headers.set("Content-Security-Policy", buildCsp());
}
return response;
}
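Review bot: the new `if (!pathname.startsWith("/api/"))` guard drops the CSP entirely for API routes, but the justification only holds while every `/api/` response is JSON; any route under that prefix that returns HTML, a redirect, or an error page rendered by the browser now ships with no policy at all. If the goal is to stop leaking the Umami/Supabase/logo.dev origins rather than to remove protection, consider sending a minimal policy on API responses instead (for example `response.headers.set("Content-Security-Policy", "default-src 'none'")` in an `else` branch), which names no internal hosts and still restricts anything that does get rendered. Also worth a test: the prefix check is case-sensitive and matches only paths beginning with `/api/`, so confirm it covers every API path shape the proxy is expected to see.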