diff --git a/CHANGELOG.md b/CHANGELOG.md index b7f26636d..77bef7847 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## 1.283.4 - 2023-06-24 +## 1.283.5 - 2023-06-25 ### Added diff --git a/apps/api/src/main.ts b/apps/api/src/main.ts index ee3cc8534..33fd40a30 100644 --- a/apps/api/src/main.ts +++ b/apps/api/src/main.ts @@ -35,18 +35,20 @@ async function bootstrap() { // Support 10mb csv/json files for importing activities app.use(bodyParser.json({ limit: '10mb' })); - app.use( - helmet({ - contentSecurityPolicy: { - directives: { - frameSrc: ["'self'", 'https://js.stripe.com'], // Allow loading frames from Stripe - scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts and scripts from Stripe - scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers - styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles + if (configService.get('ENABLE_FEATURE_SUBSCRIPTION') === 'true') { + app.use( + helmet({ + contentSecurityPolicy: { + directives: { + frameSrc: ["'self'", 'https://js.stripe.com'], // Allow loading frames from Stripe + scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts and scripts from Stripe + scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers + styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles + } } - } - }) - ); + }) + ); + } const BASE_CURRENCY = configService.get('BASE_CURRENCY'); const HOST = configService.get('HOST') || '0.0.0.0'; diff --git a/package.json b/package.json index dee222aa6..3953a1060 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ghostfolio", - "version": "1.283.4", + "version": "1.283.5", "homepage": "https://ghostfol.io", "license": "AGPL-3.0", "scripts": {