Add instructions to amend CSP directives

WalkingPizza · Sep 29, 2022 · 97d2e17 · 97d2e17
1 parent 7d5c6ad
commit 97d2e17
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -62,6 +62,37 @@ module.exports = {
 };
 ```
 
+### Configuring the security middleware
+
+Open the file `config/middlewares.js` and check the configuration of the `strapi::security` middleware.
+
+If your file looks like this:
+
+```js
+module.exports = [
+  'strapi::errors',
+  'strapi::security',
+  'strapi::cors',
+  'strapi::poweredBy',
+```
+
+Replace `'strapi::security'` with:
+
+```js
+{
+  name: 'strapi::security',
+  config: {
+    contentSecurityPolicy: {
+      directives: {
+        'img-src': ["'self'", 'data:', 'blob:', 'https://dl.airtable.com', 'https://cdn.shopify.com'],
+      },
+    },
+  },
+}
+```
+
+If, instead, your file already presents `strapi::security` as an object, simply add `https://cdn.shopify.com` to the `img-src` array.
+
 ## 🚀 Roadmap
 
 - [ ] Automatic sync between your Shopify catalog and Strapi fields