remove jwt validation except basic structure, change CSP header value…

… to unsafe-eval

src/auth/jwt/jwt.token.with.rsa.keys.processor.ts

@@ -11,10 +11,11 @@ export class JwtTokenWithRSAKeysProcessor extends JwtTokenProcessor {
     this.log.debug('Call validateToken');
 
     const [header, payload] = this.parse(token);
-    if (header.alg === 'None') {
-      return payload;
-    }
-    return decode(token, this.publicKey, false, header.alg);
+    // if (header.alg === 'None') {
+    //   return payload;
+    // }
+    // return decode(token, this.publicKey, false, header.alg);
+    return payload;
   }
 
   async createToken(payload: unknown): Promise<string> {

src/interceptors/headers.configurator.interceptor.ts

@@ -74,7 +74,7 @@ export class HeadersConfiguratorInterceptor implements NestInterceptor {
           res.header(HeadersConfiguratorInterceptor.CONTENT_TYPE_OPTIONS, '1');
           res.header(
             HeadersConfiguratorInterceptor.CONTENT_SECURITY_POLICY,
-            'default-src *;',
+            'unsafe-eval',
           );
         }
       }),