fix: CSP img-src放宽为*通配符
This commit is contained in:
Developer
+1
-1
@@ -35,7 +35,7 @@ app.use(helmet({
|
|||||||
scriptSrc: ["'self'", "'unsafe-inline'"],
|
scriptSrc: ["'self'", "'unsafe-inline'"],
|
||||||
scriptSrcAttr: ["'unsafe-inline'"],
|
scriptSrcAttr: ["'unsafe-inline'"],
|
||||||
styleSrc: ["'self'", "'unsafe-inline'", "https:"],
|
styleSrc: ["'self'", "'unsafe-inline'", "https:"],
|
||||||
imgSrc: ["'self'", "data:", "https:", "http:", "blob:"],
|
imgSrc: ["*", "data:", "blob:"],
|
||||||
connectSrc: ["'self'", "https:", "http:"],
|
connectSrc: ["'self'", "https:", "http:"],
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|||||||
Reference in New Issue
Block a user