diff --git a/README.md b/README.md
index c8569da..c62858a 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,10 @@ TRANSFER_TOKEN_SALT=""
 
 Run `openssl rand -hex 32` for each value and replace `` with the result.
 
+#### Custom domain
+
+If you use custom domain, change `origin:` on `middlewares.js`
+
 #### A PostgreSQL add-on
 
 Environment variables have already been set in the code.
@@ -74,6 +78,8 @@ This project uses [@strapi/provider-upload-aws-s3](https://www.npmjs.com/package
 
 Don't forget to connect your add-ons to the application (**Service dependencies** option from your app menu in Clever Cloud Console).
 
+Cellar policies need to be public. Follow this [documentation](https://www.clever-cloud.com/developers/doc/addons/cellar/#public-bucket-policy).
+
 #### Dedicated build instance
 
 Strapi can run on a small instance like the `XS` plan, but the build process can take more RAM and CPU. Enable a dedicated build instance from your app menu **Information** option in Clever Cloud Console.
diff --git a/config/middlewares.js b/config/middlewares.js
index 6eaf586..9f56c9d 100644
--- a/config/middlewares.js
+++ b/config/middlewares.js
@@ -1,12 +1,39 @@
-module.exports = [
+export default ({ env }) => [
 'strapi::logger',
 'strapi::errors',
- 'strapi::security',
- 'strapi::cors',
+ {
+ name: 'strapi::security',
+ config: {
+ contentSecurityPolicy: {
+ useDefaults: true,
+ directives: {
+ 'connect-src': ["'self'"],
+ 'img-src': [
+ "'self'",
+ 'data:',
+ 'blob:',
+ 'https://' + env('CELLAR_BUCKET') + '.' + env('CELLAR_ADDON_HOST')
+ ],
+ 'media-src': ["'self'", 'data:', 'blob:', 'https://' + env('CELLAR_BUCKET') + '.' + env('CELLAR_ADDON_HOST')],
+ upgradeInsecureRequests: null,
+ },
+ },
+ },
 'strapi::poweredBy',
 'strapi::query',
 'strapi::body',
 'strapi::session',
 'strapi::favicon',
 'strapi::public',
+ {
+ name: 'strapi::cors',
+ config: {
+ enabled: true,
+ origin: ['https://' + env("APP_ID") + '.cleverapps.io'], //change if you use your own DNS
+ methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD'],
+ headers: ['*'],
+ credentials: true,
+ },
+ }
 ];
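Review bot: `headers: ['*']` combined with `credentials: true` in the new `strapi::cors` block does not act as a wildcard for browsers: the Fetch spec treats `Access-Control-Allow-Headers: *` as the literal header name `*` whenever the request carries credentials, so credentialed preflights for requests that send `Authorization` or a non-simple `Content-Type` fail, assuming Strapi hands this array through to its CORS layer unchanged (the mapping is not visible in this hunk). Name the headers explicitly instead, e.g. `headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],`. Separately, `origin` and the CSP `img-src`/`media-src` entries are built by concatenating `env('APP_ID')`, `env('CELLAR_BUCKET')` and `env('CELLAR_ADDON_HOST')` with no default; if `env()` yields `undefined` for an unset variable, as it appears to here, the result is a value such as `https://undefined.cleverapps.io`, which fails closed but silently and is hard to diagnose. Consider giving each lookup a default or reading the CORS allow-list from a dedicated variable, so the `//change if you use your own DNS` step in the README is a configuration change rather than a code edit.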