diff --git a/docs/source/02-02-advanced-configuration.md b/docs/source/02-02-advanced-configuration.md
index 13ad2c35a..451865e47 100644
--- a/docs/source/02-02-advanced-configuration.md
+++ b/docs/source/02-02-advanced-configuration.md
@@ -512,13 +512,14 @@ tracing of GraphQL requests. **Note: Apollo Engine is a premium service, charges may apply.** -## TALK_ENABLE_STRICT_CSP + + ## ALLOW_NO_LIMIT_QUERIES
diff --git a/routes/index.js b/routes/index.js
index 5183e2881..cb8e03b33 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -9,7 +9,6 @@ const path = require('path');
 const compression = require('compression');
 const plugins = require('../services/plugins');
 const staticTemplate = require('../middleware/staticTemplate');
-const contentSecurityPolicy = require('../middleware/contentSecurityPolicy');
 const nonce = require('../middleware/nonce');
 const staticServer = require('express-static-gzip');
 const { DISABLE_STATIC_SERVER } = require('../config');
@@ -76,7 +75,8 @@ router.use(compression());
 // STATIC ROUTES
 //==============================================================================
-const staticMiddleware = [staticTemplate, nonce, contentSecurityPolicy];
+// TODO: re-add CSP once we've resolved issues with dynamic webpack loading.
+const staticMiddleware = [staticTemplate, nonce];
 router.use('/admin', ...staticMiddleware, require('./admin'));
 router.use('/account', ...staticMiddleware, require('./account'));
diff --git a/routes/plugins.js b/routes/plugins.js
index fcc1125b9..8504c0c94 100644
--- a/routes/plugins.js
+++ b/routes/plugins.js
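Review bot: In routes/index.js, taking `contentSecurityPolicy` out of `staticMiddleware` removes the policy header from every route that spreads that array, including `/admin` and `/account`, and the same removal is made on the router-wide `router.use(staticTemplate, nonce)` in routes/plugins.js. The docs hunk also drops the `TALK_ENABLE_STRICT_CSP` heading, so a deployment that already sets that variable presumably loses enforcement silently after upgrading; a startup warning when the variable is set would make the change visible to operators. If the webpack problem is limited to dynamically loaded chunks, keeping the middleware and sending the policy as `Content-Security-Policy-Report-Only` would preserve violation reporting until enforcement can return. The TODO should carry a tracking reference so the removal does not become permanent, e.g. `// TODO(<tracking-issue>): re-add contentSecurityPolicy after nonce once dynamic webpack loading works under CSP.`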
@@ -2,13 +2,12 @@ const express = require('express');
 const debug = require('debug')('talk:routes:plugins');
 const plugins = require('../services/plugins');
 const staticTemplate = require('../middleware/staticTemplate');
-const contentSecurityPolicy = require('../middleware/contentSecurityPolicy');
 const nonce = require('../middleware/nonce');
 const router = express.Router();
-// Apply the middleware.
-router.use(staticTemplate, nonce, contentSecurityPolicy);
+// TODO: re-add CSP once we've resolved issues with dynamic webpack loading.
+router.use(staticTemplate, nonce);
 // Inject server route plugins.
 plugins.get('server', 'router').forEach(plugin => {
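Review bot: The comment that replaces `// Apply the middleware.` no longer says what the chain on `router.use(staticTemplate, nonce)` is for, and `nonce` is still produced per request although nothing visible in this hunk consumes it once the policy middleware is gone. Because this `router.use` is router-wide, it presumably also covers the plugin-supplied routes registered in the `forEach` that continues below the hunk, so the position the policy has to return to is worth recording. I would keep both halves of the comment: `// Apply the middleware. TODO(<tracking-issue>): restore contentSecurityPolicy after nonce, as in the original order.`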