From cd83c18555e69b1e35d5ad2192bf38032e81f002 Mon Sep 17 00:00:00 2001 From: Deep Koluguri Date: Mon, 22 Jun 2026 19:40:24 -0400 Subject: [PATCH] fix: update CSP for Cloudflare and set CORS_ORIGIN to fix 500 errors --- backend/src/middleware/security.js | 2 +- k8s/app.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/backend/src/middleware/security.js b/backend/src/middleware/security.js index 4129c02..2a5b17d 100644 --- a/backend/src/middleware/security.js +++ b/backend/src/middleware/security.js @@ -9,7 +9,7 @@ export const setupSecurity = (app) => { directives: { defaultSrc: ["'self'"], styleSrc: ["'self'", "'unsafe-inline'"], - scriptSrc: ["'self'"], + scriptSrc: ["'self'", "https://static.cloudflareinsights.com", "'unsafe-inline'"], imgSrc: ["'self'", 'data:', 'https:'], }, }, diff --git a/k8s/app.yaml b/k8s/app.yaml index d8e7af3..243c729 100644 --- a/k8s/app.yaml +++ b/k8s/app.yaml @@ -22,6 +22,8 @@ spec: env: - name: NODE_ENV value: "production" + - name: CORS_ORIGIN + value: "https://market.applaude.net" - name: USE_PYTHON_SERVICE value: "false" - name: DATABASE_URL