Removed Google Analytics and Google Tag Manager domains from the Content Security Policy headers to disable tracking and analytics functionality on the CRM application. This change affects both the main CSP header and the legacy X-Content-Security-Policy header for backward compatibility.

Updated several dependencies including:
- @aws-sdk/client-s3 from 3.965.0 to 3.975.0
- @aws-sdk/client-ses from 3.965.0 to 3.975.0
- @aws-sdk/client-sqs from 3.965.0 to 3.975.0
- dotenv from ^16.6.1 to ^16.5.0
- form-data from ^4.0.2 to ^4.0.5
- typescript from 5.9.3 to 5.8.3

Removed unused files:
- backend/.yarn/releases/yarn-4.9.1.cjs
- backend/package-lock.json

The ValidationPipe import was commented out and not being used in the code. This commit removes the unused import to clean up the code and avoid potential confusion. The Logger import remains active and is still in use.

- Remove helmet security middleware and related CSP configuration
- Disable global validation pipe by commenting it out
- Fix type assertion in FieldValueService by removing unnecessary cast
- Changes made to simplify configuration and reduce strict validation during development

Added PATCH to the list of allowed HTTP methods in the API location block to support partial updates to resources. This aligns with RESTful API conventions and enables clients to modify specific fields without sending a full resource representation.

- Added `https://cdn.jsdelivr.net` to the `connect-src` directive in both Content-Security-Policy and X-Content-Security-Policy headers to allow connections to the CDN.
- Removed the duplicate Content-Security-Policy meta tag from the frontend/index.html file to avoid redundancy and potential conflicts.
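
The last entry removes a duplicate CSP meta tag. Browsers enforce every policy they receive, so a stale meta policy can block a source that the header newly allows. The sketch below is an added example, not code from this project: the policy strings, origin and function names are constructed for illustration, and the matcher covers only a small subset of CSP source expressions.

```javascript
// Added example: simplified CSP connect-src evaluation (not a full CSP matcher).
// Supported source expressions: 'self', 'none', *, and scheme://host or
// scheme://*.host on the default port. Anything else is treated as no match.
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Within one policy, only the first occurrence of a directive counts.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function sourceMatches(expr, url, selfOrigin) {
  const e = expr.toLowerCase();
  if (e === "'none'") return false;
  // Simplification: treat * as "any http(s) URL".
  if (e === '*') return url.protocol === 'https:' || url.protocol === 'http:';
  if (e === "'self'") return url.origin === selfOrigin;
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)$/.exec(e);
  if (!m || url.protocol !== m[1] + ':' || url.port !== '') return false;
  return m[2] ? url.hostname.endsWith('.' + m[3]) : url.hostname === m[3];
}

function policyAllowsConnect(policyText, target, selfOrigin) {
  const policy = parsePolicy(policyText);
  // connect-src falls back to default-src; with neither, this policy does not restrict.
  const sources = policy.get('connect-src') ?? policy.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(target);
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// A browser enforces every policy it receives (each header and each meta tag):
// a request goes out only if all of them allow it.
function allPoliciesAllowConnect(policies, target, selfOrigin) {
  return policies.every((p) => policyAllowsConnect(p, target, selfOrigin));
}

// Constructed sample values, not the project's real policy.
const SELF = 'https://crm.example.test';
const HEADER_CSP = "default-src 'self'; connect-src 'self' https://cdn.jsdelivr.net";
const STALE_META_CSP = "default-src 'self'; connect-src 'self'";
const CDN_URL = 'https://cdn.jsdelivr.net/npm/example@1.0.0/dist/example.min.js.map';

console.log(allPoliciesAllowConnect([HEADER_CSP], CDN_URL, SELF));                 // true
console.log(allPoliciesAllowConnect([HEADER_CSP, STALE_META_CSP], CDN_URL, SELF)); // false
```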