jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: use private helcimApiToken for all server-side Helcim API calls

Browse source
This commit is contained in:
Jennie Robinson Faber 2026-04-04 13:37:34 +01:00
parent ccd1d0783a
commit d31b5b4dac
53 changed files with 1755 additions and 572 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/middleware/02.security-headers.js
View file

@ -18,9 +18,9 @@ export default defineEventHandler((event) => {
headers['Content-Security-Policy'] = [
"default-src 'self'",
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://myposjs.helcim.com https://plausible.io",
"style-src 'self' 'unsafe-inline'",
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
"img-src 'self' data: https://res.cloudinary.com https://*.cloudinary.com",
"font-src 'self'",
"font-src 'self' https://fonts.gstatic.com",
"connect-src 'self' https://api.helcim.com https://myposjs.helcim.com https://plausible.io",
"frame-src 'self' https://myposjs.helcim.com https://secure.helcim.com",
"base-uri 'self'",