From 9dddf2fa29ef04568779a29ad7ccb239894a16d4 Mon Sep 17 00:00:00 2001
From: Tudor Stanciu <tstanciu@totalsoft.ro>
Date: Sat, 4 Oct 2025 03:11:01 +0300
Subject: [PATCH] refactor: disable Content Security Policy in security
 middleware to allow HTTP access

---
 src/backend/index.ts | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/src/backend/index.ts b/src/backend/index.ts
index afd5316..3ec5ca5 100644
--- a/src/backend/index.ts
+++ b/src/backend/index.ts
@@ -21,19 +21,7 @@ const app = express();
 // Security middleware
 app.use(
   helmet({
-    contentSecurityPolicy: {
-      directives: {
-        defaultSrc: ["'self'"],
-        styleSrc: ["'self'", "'unsafe-inline'", 'https://unpkg.com'],
-        scriptSrc: ["'self'"],
-        imgSrc: ["'self'", 'data:', 'https:'],
-        connectSrc: ["'self'"],
-        fontSrc: ["'self'"],
-        objectSrc: ["'none'"],
-        mediaSrc: ["'self'"],
-        frameSrc: ["'none'"],
-      },
-    },
+    contentSecurityPolicy: false, // Disable CSP to allow HTTP access
     strictTransportSecurity: false, // Disable HSTS to allow HTTP access
     crossOriginOpenerPolicy: false, // Disable COOP to allow HTTP access
     crossOriginResourcePolicy: false, // Disable CORP to allow HTTP access