radex
/
jspaint
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Relax img-src to fix speech recognition image search

main
Isaiah Odhner 2022-01-18 23:25:22 -05:00
parent 2ca58ca8f2
commit 3126e42acb
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
index.html
View File

@ -7,11 +7,13 @@
<!-- This should mirror CSP in electron-main.js, except maybe for firebase stuff. -->
<!-- Firebase stuff is somewhat speculative, as the quota is exceeded as I'm adding this. -->
<!-- Lax img-src is needed for speech recognition, e.g. interpret_command("draw a cat")[0].exec(); -->
<!-- connect-src needs data:/blob: for loading images via fetch, including from local storage. -->
<meta http-equiv="Content-Security-Policy" content="
default-src 'self';
script-src 'self' https://jspaint.firebaseio.com;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: blob: https://i.postimg.cc;
img-src 'self' data: blob: http: https:;
font-src 'self' https://fonts.gstatic.com;
connect-src * data: blob: https://jspaint.firebaseio.com wss://jspaint.firebaseio.com;
">

2
src/electron-main.js
View File

@ -135,7 +135,7 @@ const createWindow = () => {
"Content-Security-Policy": [`
default-src 'self';
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: blob: https://i.postimg.cc;
img-src 'self' data: blob: http: https:;
font-src 'self' https://fonts.gstatic.com;
connect-src * data: blob:;
`],