This commit is contained in:
parent
53e2873fd4
commit
f8d380ebab
@ -61,13 +61,14 @@ const apiLimiter = rateLimit({
|
|||
})
|
||||
|
||||
// --- Security Headers (Helmet) ---
|
||||
const isDev = process.env.NODE_ENV === 'development'
|
||||
const cspDirectives = {
|
||||
defaultSrc: ["'self'"],
|
||||
scriptSrc: ["'self'"],
|
||||
styleSrc: ["'self'", 'https://fonts.googleapis.com'],
|
||||
fontSrc: ["'self'", 'https://fonts.gstatic.com'],
|
||||
imgSrc: ["'self'", 'data:'],
|
||||
connectSrc: ["'self'"],
|
||||
connectSrc: isDev ? ["'self'", 'ws://localhost:*'] : ["'self'"],
|
||||
objectSrc: ["'none'"],
|
||||
baseUri: ["'self'"],
|
||||
formAction: ["'self'"],
|
||||
|
|
@ -95,7 +96,7 @@ app.use(helmet({
|
|||
log.info('[Security] Helmet enabled with CSP configured')
|
||||
|
||||
// --- CORS Configuration ---
|
||||
const corsOrigin = process.env.CORS_ORIGIN || '*' // Default to * for development
|
||||
const corsOrigin = process.env.CORS_ORIGIN || 'https://queuenorth.com' // Default to production domain
|
||||
const corsConfig = cors({
|
||||
origin: corsOrigin === '*' ? corsOrigin : (corsOrigin === 'null' ? undefined : corsOrigin),
|
||||
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
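Review bot: The `CORS_ORIGIN=*` escape hatch on `origin: corsOrigin === '*' ? corsOrigin : (corsOrigin === 'null' ? undefined : corsOrigin)` survives the default change, so a single mis-set environment variable puts production straight back on a wildcard origin, and the `'null'` branch hands `undefined` to cors, which (if I recall the package's defaults correctly) also falls back to `*` rather than denying cross-origin requests. Since this file now has `isDev` from the CSP hunk above, the wildcard can be confined to development with a fail-fast check before `cors(...)` is built: `if (!isDev && (corsOrigin === '*' || corsOrigin === 'null')) throw new Error('[Security] CORS_ORIGIN must be an explicit origin outside development')`. A short comment on the `'null'` branch saying what that value is meant to do would also help, because `origin: undefined` reads like "no origin" but is not a deny. The `corsConfig` call continues past the end of the hunk.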
|
||||
|
@ -20,6 +20,6 @@ export default defineConfig({
|
|||
},
|
||||
build: {
|
||||
outDir: 'dist',
|
||||
sourcemap: true,
|
||||
sourcemap: process.env.NODE_ENV !== 'production',
|
||||
},
|
||||
})
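Review bot: `sourcemap: process.env.NODE_ENV !== 'production'` ties the decision to whatever the shell or CI runner happens to export, so a build started with NODE_ENV unset or set to something else may still ship source maps next to `dist` (Vite does, as far as I recall, default NODE_ENV to production for `vite build`, but that is a runtime detail rather than something this config controls). The idiomatic form uses the mode Vite itself resolves: `export default defineConfig(({ mode }) => ({`, `sourcemap: mode !== 'production',` and `}))` on the closing line. If production stack traces are wanted, `sourcemap: 'hidden'` emits the maps without the `sourceMappingURL` reference, with the caveat that the `.map` files must then be excluded from what is deployed. The `defineConfig` call starts outside the hunk.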
|
||||