[api] Fix helmet upgrade secure

.circleci/config.yml

@@ -616,4 +616,9 @@ workflows:
       - notify:
           requires:
             - docker_build_platform
-            - docker_build_worker
+            - docker_build_worker
+          filters:
+            tags:
+              only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)*/
+            branches:
+              ignore: /.*/

opencti-platform/opencti-graphql/src/database/middleware.js

@@ -987,7 +987,7 @@ const hashMergeValidation = (instances) => {
     Object.entries(groupElements).forEach(([algo, values]) => {
       const hashes = R.uniq(values.map(([, data]) => data));
       if (hashes.length > 1) {
-        const field = `hash_${algo.toUpperCase()}`;
+        const field = `hashes_${algo.toUpperCase()}`;
         const message = { message: `Hashes collision for ${algo} algorithm` };
         throw ValidationError(field, message);
       }

opencti-platform/opencti-graphql/src/http/httpPlatform.js

@@ -59,7 +59,10 @@ const createApp = async (apolloServer) => {
     expectCt: { enforce: true, maxAge: 30 },
     referrerPolicy: { policy: 'unsafe-url' },
     crossOriginEmbedderPolicy: false,
+    crossOriginOpenerPolicy: false,
+    crossOriginResourcePolicy: false,
     contentSecurityPolicy: {
+      useDefaults: false,
       directives: {
         defaultSrc: ["'self'"],
         scriptSrc,
@@ -69,6 +72,12 @@ const createApp = async (apolloServer) => {
           'http://cdn.jsdelivr.net/npm/@apollographql/',
           'https://fonts.googleapis.com/',
         ],
+        scriptSrcAttr: [
+          "'self'",
+          "'unsafe-inline'",
+          'http://cdn.jsdelivr.net/npm/@apollographql/',
+          'https://fonts.googleapis.com/',
+        ],
         fontSrc: ["'self'", 'https://fonts.gstatic.com/'],
         imgSrc: ["'self'", 'data:', 'https://*', 'http://*'],
         connectSrc: ["'self'", 'wss://*', 'ws://*', 'data:', 'http://*', 'https://*'],