add connect-src to csp

2025-02-14 19:25:48 +00:00 · 2024-11-10 18:55:32 +02:00 · 2024-11-10 18:55:32 +02:00 · 0850654519
commit 0850654519
parent 6648c4be22
2 changed files with 43107 additions and 1 deletions
--- a/qortal.log
+++ b/qortal.log
--- a/src/main/java/org/qortal/arbitrary/ArbitraryDataRenderer.java
+++ b/src/main/java/org/qortal/arbitrary/ArbitraryDataRenderer.java
@ -168,7 +168,7 @@ public class ArbitraryDataRenderer {
                byte[] data = Files.readAllBytes(filePath); // TODO: limit file size that can be read into memory
                HTMLParser htmlParser = new HTMLParser(resourceId, inPath, prefix, includeResourceIdInPrefix, data, qdnContext, service, identifier, theme, usingCustomRouting);
                htmlParser.addAdditionalHeaderTags();
-                response.addHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob:; img-src 'self' data: blob:;");
+                response.addHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob:; img-src 'self' data: blob:; connect-src 'self' wss:;");
                response.setContentType(context.getMimeType(filename));
                response.setContentLength(htmlParser.getData().length);
                response.getOutputStream().write(htmlParser.getData());