From 5f0ef971f40e9ac1311084b1b13a753a4b3b939a Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski <contact@cpluspatch.com>
Date: Mon, 19 Aug 2024 21:26:13 +0200
Subject: [PATCH] fix: :bug: Only apply security headers to /api/*

---
 app.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app.ts b/app.ts
index 182fc8a5..f3e560ee 100644
--- a/app.ts
+++ b/app.ts
@@ -41,6 +41,7 @@ export const appFactory = async () => {
     app.use(logger);
     app.use(boundaryCheck);
     app.use(
+        "/api/*",
         secureHeaders({
             contentSecurityPolicy: {
                 // We will not be returning HTML, so everything should be blocked