TheFlow 905c374e3a fix(security): remove deprecated CSP block-all-mixed-content directive ... Removed 'block-all-mixed-content' from Content-Security-Policy as it's deprecated and made obsolete by 'upgrade-insecure-requests' which already handles mixed content by upgrading it to HTTPS. This eliminates the Firefox console warning: "Ignoring 'block-all-mixed-content' because mixed content display upgrading makes block-all-mixed-content obsolete." Modern browsers automatically upgrade all mixed content (HTTP resources on HTTPS pages) when upgrade-insecure-requests is present, providing the same security without the deprecated directive. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>		2025-10-24 12:44:51 +13:00
..
config	fix(submissions): restructure Economist package and fix article display	2025-10-24 08:47:42 +13:00
controllers	feat(translation): complete DeepL translation workflow	2025-10-24 11:22:50 +13:00
middleware	fix(security): remove deprecated CSP block-all-mixed-content directive	2025-10-24 12:44:51 +13:00
models	fix(analytics): remove SessionSchema.index sessionId duplicate	2025-10-24 10:25:02 +13:00
routes	fix(routes): Move editorial-guidelines route before /:slug catch-all	2025-10-24 12:04:17 +13:00
services	feat(translation): implement DeepL translation service (SOVEREIGN)	2025-10-24 11:16:33 +13:00
utils	fix(submissions): restructure Economist package and fix article display	2025-10-24 08:47:42 +13:00
server.js	fix(submissions): restructure Economist package and fix article display	2025-10-24 08:47:42 +13:00