TheAnimeSenpai
02/21/2024, 9:06 AMrp_st
02/21/2024, 9:18 AMrp_st
02/21/2024, 9:20 AMTheAnimeSenpai
02/21/2024, 9:21 AMTheAnimeSenpai
02/21/2024, 9:21 AMrp_st
02/21/2024, 9:22 AMTheAnimeSenpai
02/21/2024, 9:41 AMapp.enableCors({
// CORS policy for the API: which browser origins may call it, which request
// headers they may send, and whether cookies accompany those calls.
//
// Explicit allow-list of origins: WEBSITE_DOMAIN plus two plain-HTTP
// localhost ports.
// NOTE(review): the localhost entries look like local development front ends.
// Combined with `credentials: true` below, each listed origin may make
// cookie-bearing requests, so consider adding them only outside production.
origin: [WEBSITE_DOMAIN, 'http://localhost:7000', 'http://localhost:4321'],
// 'content-type' plus whatever supertokens.getAllCORSHeaders() returns,
// presumably the custom request headers the SuperTokens SDK sends; confirm
// against the SDK documentation.
allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
// Allows credentialed cross-origin requests, so the browser sends cookies.
// Browsers reject a wildcard origin in this mode, so `origin` has to stay an
// explicit list.
credentials: true,
});
TheAnimeSenpai
02/21/2024, 10:04 AMapp.use(
// Installs helmet's security headers with a custom Content-Security-Policy
// that lets pages load scripts and images from the SuperTokens path on jsDelivr.
// NOTE(review): helmet's default CSP limits script-src to 'self', which blocks
// CDN-hosted scripts. A sample app that works without this presumably does not
// install helmet and so sends no CSP header; confirm.
// NOTE(review): depending on the helmet version, these directives are merged
// with helmet's defaults or replace them; verify the emitted header.
helmet({
contentSecurityPolicy: {
directives: {
// NOTE(review): 'unsafe-inline' and 'unsafe-eval' allow inline scripts and
// string-to-code evaluation on every page this middleware covers, which
// removes most of the XSS mitigation CSP provides. If only one page needs the
// CDN scripts, scope the relaxed policy to that route. Also check whether both
// keywords are actually required, or whether a nonce or hash would do.
scriptSrc: [
"'self'",
"'unsafe-inline'",
"'unsafe-eval'",
// The trailing slash makes this a path-prefix match: any file under
// /gh/supertokens/ on cdn.jsdelivr.net is an allowed script source.
'https://cdn.jsdelivr.net/gh/supertokens/',
],
// Images may come from this origin, from data: URIs, and from the same
// jsDelivr path prefix.
imgSrc: [
"'self'",
'data:',
'https://cdn.jsdelivr.net/gh/supertokens/',
],
},
},
}),
);
still not sure why this was needed in my project, since the sample app works without this ...rp_st
02/21/2024, 10:05 AMTheAnimeSenpai
02/21/2024, 10:14 AM