Release 1.283.5 (#2103)

CHANGELOG.md

@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## 1.283.4 - 2023-06-24
+## 1.283.5 - 2023-06-25
 
 ### Added
 

apps/api/src/main.ts

@@ -35,18 +35,20 @@ async function bootstrap() {
   // Support 10mb csv/json files for importing activities
   app.use(bodyParser.json({ limit: '10mb' }));
 
-  app.use(
+  if (configService.get<string>('ENABLE_FEATURE_SUBSCRIPTION') === 'true') {
-    helmet({
+    app.use(
-      contentSecurityPolicy: {
+      helmet({
-        directives: {
+        contentSecurityPolicy: {
-          frameSrc: ["'self'", 'https://js.stripe.com'], // Allow loading frames from Stripe
+          directives: {
-          scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts and scripts from Stripe
+            frameSrc: ["'self'", 'https://js.stripe.com'], // Allow loading frames from Stripe
-          scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers
+            scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts and scripts from Stripe
-          styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles
+            scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers
+            styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles
+          }
         }
-      }
+      })
-    })
+    );
-  );
+  }
 
   const BASE_CURRENCY = configService.get<string>('BASE_CURRENCY');
   const HOST = configService.get<string>('HOST') || '0.0.0.0';

package.json

@@ -1,6 +1,6 @@
 {
   "name": "ghostfolio",
-  "version": "1.283.4",
+  "version": "1.283.5",
   "homepage": "https://ghostfol.io",
   "license": "AGPL-3.0",
   "scripts": {