From 06607b5c51e8e3a3ca4b898c9ddcf40b8986ddbd Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Wed, 5 Jun 2024 13:58:54 +0200
Subject: [PATCH] Merge pull request #18732 from overleaf/jpa-server-pro-csp

[server-ce] enable CSP by default in Server CE/Pro

GitOrigin-RevId: 8c7664a39f688a748f33e3158b594b9368457661
---
 server-ce/config/settings.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js
index 6ee695f74e..d5aad069fd 100644
--- server-ce/config/settings.js
+++ server-ce/config/settings.js
@@ -208,6 +208,10 @@ const settings = {
 process.env.OVERLEAF_SESSION_SECRET || process.env.CRYPTO_RANDOM,
 },
 
+ csp: {
+ enabled: process.env.OVERLEAF_CSP_ENABLED !== 'false',
+ },
+
 // These credentials are used for authenticating api requests
 // between services that may need to go over public channels
 httpAuthUsers,
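Review bot: The new `csp.enabled` line carries no comment saying that the policy is now on unless `OVERLEAF_CSP_ENABLED` is exactly the lowercase string `false`; an unset variable, `False`, `0` or `no` all leave CSP enabled. Failing closed is the right default for a security header, but an operator who tries to switch it off while debugging a blocked script after an upgrade gets no hint that their value was ignored. I would add a comment above the block, e.g. `// CSP is on by default; only OVERLEAF_CSP_ENABLED=false (exact, lowercase) turns it off`. The enclosing `settings` object starts and ends outside the hunk, so whether a report-only mode or a policy override is wired up elsewhere cannot be confirmed from here.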