Middlewares
Important Note on Security Middleware
The system automatically injects 'wasm-unsafe-eval' into the script-src directive of the Content Security Policy (CSP) in Strapi's security middleware. This adjustment is necessary to enable the execution of certain animations within the system that rely on WebAssembly (WASM).
Why is this important?
WebAssembly animations require specific permissions to execute securely. By adding 'wasm-unsafe-eval', we ensure these animations function correctly without manual intervention.
What If You Customize the Security Middleware?
If you've customized the Strapi security middleware in your config/middlewares.js, the system will merge our required CSP directive with your existing configuration. This ensures both your custom rules and our mandatory directives coexist seamlessly.
Can I modify this?
While this is injected automatically for compatibility, you can further customize your security middleware configuration in Strapi if needed. However, removing this directive may prevent the animations from working as intended.
For more details on customizing the Strapi security middleware, refer to the Strapi Middleware Documentation.