fix(security): register SanitizeInput and CSRF middleware in app.module.ts

- Register SanitizeInputMiddleware for all routes to prevent stored XSS
- Register CsrfMiddleware for all routes (sets cookie on GET, validates on state-changing methods)
- Remove unsafe-inline from CSP scriptSrc directive
- AppModule now implements NestModule with configure() method

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Ho Ngoc Hai
2026-04-08 13:24:50 +07:00
parent cc5c81904b
commit e7e2c47f2a
2 changed files with 17 additions and 3 deletions
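The commit message describes a CsrfMiddleware that sets a cookie on GET and validates on state-changing methods, but the middleware itself is not on this page. The following is an added, framework-agnostic example of that double-submit-cookie pattern, not the repository's CsrfMiddleware or any NestJS code: the request/response shapes, the cookie name `csrf_token`, the header name `x-csrf-token` and the function names are all assumptions, and the sample requests are constructed.

```typescript
// Added example, not the project's code. A minimal double-submit-cookie CSRF
// check: safe methods get a token cookie, mutating methods must echo it back
// in a header. Names (csrf_token, x-csrf-token, runCsrf) are assumptions.
import { randomBytes, timingSafeEqual } from "crypto";

export interface Req {
  method: string;
  cookies: Record<string, string>;   // cookies the client sent
  headers: Record<string, string>;   // lower-cased header names
}
export interface Res {
  cookies: Record<string, string>;   // cookies the middleware sets
  status?: number;                   // set to 403 on rejection
}

export const CSRF_COOKIE = "csrf_token";     // assumed cookie name
export const CSRF_HEADER = "x-csrf-token";   // assumed header name
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

export function csrfMiddleware(req: Req, res: Res, next: () => void): void {
  const method = req.method.toUpperCase();

  if (SAFE_METHODS.has(method)) {
    // Safe method: ensure the client holds a token for later mutations.
    if (!req.cookies[CSRF_COOKIE]) {
      res.cookies[CSRF_COOKIE] = randomBytes(32).toString("hex");
    }
    return next();
  }

  // State-changing method: header must equal the cookie. Lengths are checked
  // first because timingSafeEqual throws on buffers of different length.
  const cookie = req.cookies[CSRF_COOKIE] ?? "";
  const header = req.headers[CSRF_HEADER] ?? "";
  const match =
    cookie.length > 0 &&
    cookie.length === header.length &&
    timingSafeEqual(Buffer.from(cookie), Buffer.from(header));

  if (!match) {
    res.status = 403;   // reject without calling next()
    return;
  }
  next();
}

// Run the middleware against one request and report whether it passed.
export function runCsrf(req: Req): { allowed: boolean; res: Res } {
  const res: Res = { cookies: {} };
  let allowed = false;
  csrfMiddleware(req, res, () => { allowed = true; });
  return { allowed, res };
}

// Constructed demo requests.
const first = runCsrf({ method: "GET", cookies: {}, headers: {} });
const token = first.res.cookies[CSRF_COOKIE];
const good = runCsrf({
  method: "POST",
  cookies: { [CSRF_COOKIE]: token },
  headers: { [CSRF_HEADER]: token },
});
const forged = runCsrf({
  method: "POST",
  cookies: { [CSRF_COOKIE]: token },
  headers: {},   // a cross-site form post cannot add the custom header
});
console.log({ issuedToken: token.length, good: good.allowed, forged: forged.allowed });
```

The check only holds if the token cookie cannot be set by an attacker's origin and the header can only be added by same-origin script, so the cookie should be scoped to the application's host and the CSP change in this commit complements it by limiting which scripts run at all.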


@@ -45,7 +45,7 @@ async function bootstrap() {
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
scriptSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
imgSrc: ["'self'", 'data:', 'https:', 'blob:'],
connectSrc: ["'self'"],
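Review bot: removing `'unsafe-inline'` from `scriptSrc` in the `contentSecurityPolicy` directives of `bootstrap()` is only a hardening gain if no inline `<script>` blocks or `on*` attribute handlers remain in the served pages; otherwise they will be silently blocked, so this needs a check of the frontend, or a nonce- or hash-based source added alongside `"'self'"`. The same hunk leaves `styleSrc: ["'self'", "'unsafe-inline'"]` in place, which still permits injected inline styles; if the UI can tolerate it, the same treatment should be applied there, or a short comment should record why inline styles must stay.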