From 1a590400c7cb92e95267a1f85428a5d806e06190 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=A9=AC=E4=B8=89=E7=82=AE?= <15856818120@163.com> Date: Tue, 13 Jan 2026 15:13:12 +0800 Subject: [PATCH] =?UTF-8?q?=E7=B4=A2=E9=81=93=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/bonus/digitalSignage/config/CspFilter.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/bonus/digitalSignage/config/CspFilter.java b/src/main/java/com/bonus/digitalSignage/config/CspFilter.java index e9be2df..b3ce411 100644 --- a/src/main/java/com/bonus/digitalSignage/config/CspFilter.java +++ b/src/main/java/com/bonus/digitalSignage/config/CspFilter.java @@ -107,7 +107,7 @@ public class CspFilter implements Filter { String frameAncestors = allowIframe ? "'self'" : "'none'"; cspPolicy = "default-src 'self'; " + - "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; " + + "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; " + "style-src 'self' 'unsafe-inline' data: blob:; " + "img-src 'self' data: blob: https:; " + "font-src 'self' data: blob: https:; " + @@ -124,12 +124,13 @@ public class CspFilter implements Filter { String frameAncestors = allowIframe ? "'self'" : "'none'"; cspPolicy = "default-src 'self'; " + - "script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; " + + "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; " + "style-src 'self' 'unsafe-inline' https:; " + "img-src 'self' data: blob: https:; " + "font-src 'self' data: https:; " + "connect-src 'self' https:; " + "frame-ancestors " + frameAncestors + "; " + + "worker-src 'self' blob: data:;"+ "form-action 'self'; " + "object-src 'none'; " + "base-uri 'self'; " + @@ -233,4 +234,4 @@ public class CspFilter implements Filter { public void destroy() { // 清理资源 } -} \ No newline at end of file +}