From b31835a74d6169e0395a5e5d87f17b68b487e79d Mon Sep 17 00:00:00 2001
From: Developer <dev@quanyixiaozhushou.com>
Date: Sun, 17 May 2026 13:10:44 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20CSP=20img-src=E6=94=BE=E5=AE=BD=E4=B8=BA?=
 =?UTF-8?q?*=E9=80=9A=E9=85=8D=E7=AC=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app.js b/src/app.js
index b2a9bfc..084bd43 100644
--- a/src/app.js
+++ b/src/app.js
@@ -35,7 +35,7 @@ app.use(helmet({
       scriptSrc: ["'self'", "'unsafe-inline'"],
       scriptSrcAttr: ["'unsafe-inline'"],
       styleSrc: ["'self'", "'unsafe-inline'", "https:"],
-      imgSrc: ["'self'", "data:", "https:", "http:", "blob:"],
+      imgSrc: ["*", "data:", "blob:"],
       connectSrc: ["'self'", "https:", "http:"],
     },
   },