Merge branch 'master' into 3D-dev

2026-01-13 15:19:32 +08:00 · 2026-01-13 15:19:32 +08:00 · 0d6812cbb3
parent 9c33c613d9 1a590400c7
commit 0d6812cbb3
1 changed files with 4 additions and 3 deletions
--- a/src/main/java/com/bonus/digitalSignage/config/CspFilter.java
+++ b/src/main/java/com/bonus/digitalSignage/config/CspFilter.java
@ -107,7 +107,7 @@ public class CspFilter implements Filter {
            String frameAncestors = allowIframe ? "'self'" : "'none'";
            cspPolicy = "default-src 'self'; " +
-                    "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; " +
+                    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; " +
                    "style-src 'self' 'unsafe-inline' data: blob:; " +
                    "img-src 'self' data: blob: https:; " +
                    "font-src 'self' data: blob: https:; " +
@ -124,12 +124,13 @@ public class CspFilter implements Filter {
            String frameAncestors = allowIframe ? "'self'" : "'none'";
            cspPolicy = "default-src 'self'; " +
-                    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; " +
+                    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; " +
                    "style-src 'self' 'unsafe-inline' https:; " +
                    "img-src 'self' data: blob: https:; " +
                    "font-src 'self' data: https:; " +
                    "connect-src 'self' https:; " +
                    "frame-ancestors " + frameAncestors + "; " +
                    "worker-src 'self' blob: data:;"+
                    "form-action 'self'; " +
                    "object-src 'none'; " +
                    "base-uri 'self'; " +