How to enable and disable upgradeInsecureRequests csp directive using Helmet 4.4.1 version node.js module
This works for me:
app.use(
helmet.contentSecurityPolicy({
directives: {
"script-src": ["'self'"],
upgradeInsecureRequests: null
},
})
);
Setting upgradeInsecureRequests to null:
upgradeInsecureRequests: null