yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-03 11:25:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add check in security middleware

Browse Source
This commit is contained in:
Alexandre Bodin 2022-08-24 15:47:43 +02:00
parent 9ad6931823
commit fd8e4c6bfa
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
packages/core/strapi/lib/middlewares/security.js
View File

@ -35,13 +35,14 @@ module.exports =
(config, { strapi }) =>
(ctx, next) => {
let helmetConfig = defaultsDeep(defaults, config);
const { config: gqlConfig } = strapi.plugin('graphql');
const gqlEndpoint = gqlConfig('endpoint');
const specialPaths = ['/documentation'];
if (
ctx.method === 'GET' &&
[gqlEndpoint, '/documentation'].some((str) => ctx.path.startsWith(str))
) {
if (strapi.plugin('graphql')) {
const { config: gqlConfig } = strapi.plugin('graphql');
specialPaths.push(gqlConfig('endpoint'));
}
if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {
helmetConfig = merge(helmetConfig, {
contentSecurityPolicy: {
directives: {