Merge branch 'main' into feat/add_asset_profile

2 years ago · ce255311ac
3 changed files with 15 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,7 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 - Fixed an issue with the clone functionality of a transaction caused by the symbol search component

-## 1.283.2 - 2023-06-24
+## 1.283.5 - 2023-06-25

 ### Added

--- a/apps/api/src/main.ts
+++ b/apps/api/src/main.ts
@ -35,17 +35,20 @@ async function bootstrap() {
  // Support 10mb csv/json files for importing activities
  app.use(bodyParser.json({ limit: '10mb' }));

-  app.use(
-    helmet({
-      contentSecurityPolicy: {
-        directives: {
-          scriptSrc: ["'self'", "'unsafe-inline'"], // Allow inline scripts
-          scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers
-          styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles
+  if (configService.get<string>('ENABLE_FEATURE_SUBSCRIPTION') === 'true') {
+    app.use(
+      helmet({
+        contentSecurityPolicy: {
+          directives: {
+            frameSrc: ["'self'", 'https://js.stripe.com'], // Allow loading frames from Stripe
+            scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts and scripts from Stripe
+            scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers
+            styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles
+          }
        }
-      }
-    })
-  );
+      })
+    );
+  }

  const BASE_CURRENCY = configService.get<string>('BASE_CURRENCY');
  const HOST = configService.get<string>('HOST') || '0.0.0.0';
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "ghostfolio",
-  "version": "1.283.2",
+  "version": "1.283.5",
  "homepage": "https://ghostfol.io",
  "license": "AGPL-3.0",
  "scripts": {