kccleoc/seedpgp-web
0
0
Fork 0
mirror of https://github.com/kccleoc/seedpgp-web.git synced 2026-03-07 09:57:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow blob: URLs for QR scanner CSP

Browse Source 
- Update img-src directive in _headers to include blob:
- QR image upload now works in Restore tab
- Maintain strict connect-src 'none' security
This commit is contained in:
LC mac
2026-01-31 02:17:02 +08:00
parent a607cd74cf
commit 16ca734271
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/_headers
View File

@@ -1,5 +1,5 @@
/* /*
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'none'; form-action 'none'; base-uri 'self'; Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'none'; form-action 'none'; base-uri 'self';
X-Frame-Options: DENY X-Frame-Options: DENY
X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block