Superuser/miniapp-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 放宽CSP策略,允许http和blob图片源

Browse Source
This commit is contained in:
Developer
2026-05-17 13:07:43 +08:00
parent bfbfdccdea
commit c3b309413e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app.js
+2 -2
View File
@@ -35,8 +35,8 @@ app.use(helmet({
scriptSrc: ["'self'", "'unsafe-inline'"], scriptSrc: ["'self'", "'unsafe-inline'"],
scriptSrcAttr: ["'unsafe-inline'"], scriptSrcAttr: ["'unsafe-inline'"],
styleSrc: ["'self'", "'unsafe-inline'", "https:"], styleSrc: ["'self'", "'unsafe-inline'", "https:"],
imgSrc: ["'self'", "data:", "https:"], imgSrc: ["'self'", "data:", "https:", "http:", "blob:"],
connectSrc: ["'self'", "https:"], connectSrc: ["'self'", "https:", "http:"],
}, },
}, },
})); }));