fix: explicitly allow wss in CSP connectSrc
Build Institutional Trader / build-and-deploy (push) Successful in 2m13s Details

This commit is contained in:
Deep Koluguri 2026-06-22 19:47:00 -04:00
parent 2dba57191b
commit b3373d6d85
1 changed files with 1 additions and 0 deletions

View File

@ -10,6 +10,7 @@ export const setupSecurity = (app) => {
defaultSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
scriptSrc: ["'self'", "https://static.cloudflareinsights.com", "'unsafe-inline'"],
connectSrc: ["'self'", "ws:", "wss:", "http:", "https:"],
imgSrc: ["'self'", 'data:', 'https:'],
},
},