fix: broken layout on Tor instances

added a new flag to optionally disable 'upgrade-insecure'requests' CSP directive which caused the breakage.

app.js

@@ -20,10 +20,12 @@ const app = express();
 // 1. IMPORTANT MIDDLWARES
 app.use(compression()); // compressing responses
 app.use(
-  helmet({
+ helmet({
     contentSecurityPolicy: {
       directives: {
         'script-src': ["'self'", 'cdn.jsdelivr.net'],
+        'block-all-mixed-content': null, // deprecated.
+        'upgrade-insecure-requests': process.env.NO_UPGRADE ? null : [],
       },
     },
     crossOriginEmbedderPolicy: false,