refactor: update Content Security Policy to allow 'wasm-unsafe-eval' and set nonce in response headers

2025-10-20 11:42:01 +08:00 · 2025-10-20 11:42:01 +08:00 · 00af0ed63c
parent 138a8b9f7a
commit 00af0ed63c
1 changed files with 1 additions and 1 deletions
--- a/web/middleware.ts
+++ b/web/middleware.ts
@ -33,7 +33,7 @@ export function middleware(request: NextRequest) {
  const cspHeader = `
    default-src 'self' ${scheme_source} ${csp} ${whiteList};
    connect-src 'self' ${scheme_source} ${csp} ${whiteList};
-    script-src 'self' 'wasm-unsafe-eval' ${scheme_source} ${csp} ${whiteList};
+    script-src 'self' ${scheme_source} ${csp} ${whiteList};
    style-src 'self' 'unsafe-inline' ${scheme_source} ${whiteList};
    worker-src 'self' ${scheme_source} ${csp} ${whiteList};
    media-src 'self' ${scheme_source} ${csp} ${whiteList};