Relax img-src to fix speech recognition image search
parent
2ca58ca8f2
commit
3126e42acb
|
@ -7,11 +7,13 @@
|
|||
|
||||
<!-- This should mirror CSP in electron-main.js, except maybe for firebase stuff. -->
|
||||
<!-- Firebase stuff is somewhat speculative, as the quota is exceeded as I'm adding this. -->
|
||||
<!-- Lax img-src is needed for speech recognition, e.g. interpret_command("draw a cat")[0].exec(); -->
|
||||
<!-- connect-src needs data:/blob: for loading images via fetch, including from local storage. -->
|
||||
<meta http-equiv="Content-Security-Policy" content="
|
||||
default-src 'self';
|
||||
script-src 'self' https://jspaint.firebaseio.com;
|
||||
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
|
||||
img-src 'self' data: blob: https://i.postimg.cc;
|
||||
img-src 'self' data: blob: http: https:;
|
||||
font-src 'self' https://fonts.gstatic.com;
|
||||
connect-src * data: blob: https://jspaint.firebaseio.com wss://jspaint.firebaseio.com;
|
||||
">
|
||||
|
|
|
@ -135,7 +135,7 @@ const createWindow = () => {
|
|||
"Content-Security-Policy": [`
|
||||
default-src 'self';
|
||||
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
|
||||
img-src 'self' data: blob: https://i.postimg.cc;
|
||||
img-src 'self' data: blob: http: https:;
|
||||
font-src 'self' https://fonts.gstatic.com;
|
||||
connect-src * data: blob:;
|
||||
`],
|
||||
|
|
Loading…
Reference in New Issue