mirror of
https://github.com/kccleoc/seedpgp-web.git
synced 2026-03-06 17:37:51 +08:00
basicSsl() removal ; Commenting CSP in index.html for dev
This commit is contained in:
LC mac
13
_headers
13
_headers
@@ -1,5 +1,16 @@
|
|||||||
/*
|
/*
|
||||||
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'none'; font-src 'self'; object-src 'none'; media-src 'self' blob:; base-uri 'self'; form-action 'none'; frame-ancestors 'none';
|
Cloudflare Pages headers for SeedPGP Web
|
||||||
|
This file must be named _headers at build output root, or in public/_headers,
|
||||||
|
depending on your deployment setup.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
Catch-all for the app
|
||||||
|
*/
|
||||||
|
/
|
||||||
|
|
||||||
|
/* Security headers */
|
||||||
|
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'self' blob: data:; font-src 'self'; object-src 'none'; media-src 'self' blob:; base-uri 'self'; form-action 'none'; frame-ancestors 'none';
|
||||||
X-Frame-Options: DENY
|
X-Frame-Options: DENY
|
||||||
X-Content-Type-Options: nosniff
|
X-Content-Type-Options: nosniff
|
||||||
Referrer-Policy: no-referrer
|
Referrer-Policy: no-referrer
|
||||||
|
|||||||
@@ -8,21 +8,24 @@
|
|||||||
<title>SeedPGP Web</title>
|
<title>SeedPGP Web</title>
|
||||||
|
|
||||||
<!-- Baseline CSP for generic builds.
|
<!-- Baseline CSP for generic builds.
|
||||||
TailsOS builds override this via Makefile (build-tails target). -->
|
TailsOS builds override this via Makefile (build-tails target).
|
||||||
|
Commented out for development to avoid CSP issues with WebAssembly.
|
||||||
<meta
|
<meta
|
||||||
http-equiv="Content-Security-Policy"
|
http-equiv="Content-Security-Policy"
|
||||||
content="
|
content="
|
||||||
default-src 'self';
|
default-src 'self';
|
||||||
script-src 'self' 'unsafe-inline';
|
script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval';
|
||||||
style-src 'self' 'unsafe-inline';
|
style-src 'self' 'unsafe-inline';
|
||||||
img-src 'self' data: blob:;
|
img-src 'self' data: blob:;
|
||||||
connect-src 'self';
|
connect-src 'self' blob: data:;
|
||||||
font-src 'self';
|
font-src 'self';
|
||||||
object-src 'none';
|
object-src 'none';
|
||||||
|
media-src 'self' blob:;
|
||||||
base-uri 'self';
|
base-uri 'self';
|
||||||
form-action 'none';
|
form-action 'none';
|
||||||
"
|
"
|
||||||
/>
|
/>
|
||||||
|
-->
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
|
|||||||
@@ -17,8 +17,9 @@ export default defineConfig({
|
|||||||
plugins: [
|
plugins: [
|
||||||
wasm(),
|
wasm(),
|
||||||
topLevelAwait(),
|
topLevelAwait(),
|
||||||
basicSsl(),
|
|
||||||
react(),
|
react(),
|
||||||
|
// basicSsl() plugin removed - it was causing MIME type issues with raw imports
|
||||||
|
// Enable only when specifically needed for HTTPS development
|
||||||
{
|
{
|
||||||
name: 'html-transform',
|
name: 'html-transform',
|
||||||
transformIndexHtml(html) {
|
transformIndexHtml(html) {
|
||||||
@@ -27,11 +28,17 @@ export default defineConfig({
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
server: {
|
server: {
|
||||||
host: '0.0.0.0',
|
headers: {
|
||||||
port: 5173,
|
'Content-Security-Policy': '', // Empty CSP for dev
|
||||||
strictPort: true,
|
},
|
||||||
https: true,
|
|
||||||
},
|
},
|
||||||
|
|
||||||
|
preview: {
|
||||||
|
headers: {
|
||||||
|
'Content-Security-Policy': '', // Empty for preview too
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
resolve: {
|
resolve: {
|
||||||
alias: {
|
alias: {
|
||||||
buffer: 'buffer',
|
buffer: 'buffer',
|
||||||
|
|||||||
Reference in New Issue
Block a user