CSP

Content Security Policy (CSP) headers are vital for securing your web application.

Setting CSP header

Mage has a first-party middleware to set CSP headers.

import { useCSP } from "@mage/app/csp";

app.use(
  useCSP({
    directives: {
      defaultSrc: "'self'",
      upgradeInsecureRequests: true,
    },
  }),
);
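
As an added illustration (not Mage's own code and not part of the original page), the sketch below serializes a camelCase directives object like the one above into standard CSP header syntax and flags source keywords that are missing their single quotes. The names `buildCsp`, `lintSources` and `toKebab` are hypothetical, and the camelCase-to-kebab-case mapping is an assumption about how such a config corresponds to directive names.

```typescript
// Added illustration, not Mage's implementation: shows how a camelCase
// directives object corresponds to a Content-Security-Policy header value.
type DirectiveValue = string | string[] | boolean;

// CSP keywords must be single-quoted; unquoted, a browser reads them as host names.
const KEYWORDS = ["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"];

// Assumed mapping: defaultSrc -> default-src.
function toKebab(name: string): string {
  return name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
}

// Report keywords that were written without their surrounding single quotes.
function lintSources(directive: string, sources: string[]): string[] {
  return sources
    .filter((s) => KEYWORDS.indexOf(s) !== -1)
    .map((s) => `${directive}: keyword ${s} must be written as '${s}'`);
}

function buildCsp(directives: Record<string, DirectiveValue>): { header: string; warnings: string[] } {
  const parts: string[] = [];
  let warnings: string[] = [];
  for (const key of Object.keys(directives)) {
    const name = toKebab(key);
    const value = directives[key];
    if (typeof value === "boolean") {
      // Valueless directives such as upgrade-insecure-requests are present or absent.
      if (value) parts.push(name);
      continue;
    }
    const sources = Array.isArray(value) ? value : value.split(/\s+/).filter(Boolean);
    warnings = warnings.concat(lintSources(name, sources));
    parts.push(`${name} ${sources.join(" ")}`);
  }
  return { header: parts.join("; "), warnings };
}

// The configuration from the snippet above.
const pageConfig = buildCsp({ defaultSrc: "'self'", upgradeInsecureRequests: true });
// Constructed misconfiguration: the quotes around self are missing.
const typoConfig = buildCsp({ defaultSrc: "self", scriptSrc: ["'self'", "https://cdn.example"] });

console.log(pageConfig.header);
console.log(typoConfig.warnings);
```

To confirm what the middleware actually sends, inspect the `Content-Security-Policy` response header in the browser's network panel or with an HTTP client.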