refactor: update Content Security Policy to allow 'wasm-unsafe-eval' and set nonce in response headers

CodingOnStar 2025-10-20 11:26:59 +08:00
parent c200bbb9fc
commit 28c5d3898f


@ -33,7 +33,7 @@ export function middleware(request: NextRequest) {
const cspHeader = ` const cspHeader = `
default-src 'self' ${scheme_source} ${csp} ${whiteList}; default-src 'self' ${scheme_source} ${csp} ${whiteList};
connect-src 'self' ${scheme_source} ${csp} ${whiteList}; connect-src 'self' ${scheme_source} ${csp} ${whiteList};
script-src 'self' ${scheme_source} ${csp} ${whiteList}; script-src 'self' 'wasm-unsafe-eval' ${scheme_source} ${csp} ${whiteList};
style-src 'self' 'unsafe-inline' ${scheme_source} ${whiteList}; style-src 'self' 'unsafe-inline' ${scheme_source} ${whiteList};
worker-src 'self' ${scheme_source} ${csp} ${whiteList}; worker-src 'self' ${scheme_source} ${csp} ${whiteList};
media-src 'self' ${scheme_source} ${csp} ${whiteList}; media-src 'self' ${scheme_source} ${csp} ${whiteList};
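Review bot: The `'wasm-unsafe-eval'` source added to `script-src` carries no comment recording which feature needs WebAssembly compilation, so a later reader cannot tell whether the relaxation is still required. A comment inside the template literal would end up in the header value, so it belongs above `const cspHeader`, for example `// 'wasm-unsafe-eval': permits WebAssembly compile/instantiate only, not eval() or new Function(); required by <feature placeholder>`. The keyword is applied to every response this middleware handles; if only some routes load WebAssembly, scoping it to them would keep the rest of the policy tighter, though whether that is practical cannot be judged from this hunk. The second hunk also starts returning the nonce in an `x-nonce` response header; it presumably mirrors the value already carried in the CSP header, so the thing to confirm is that these responses are never served from a shared cache, because a replayed nonce no longer protects anything. Both the template literal and `middleware` continue outside the visible lines.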
@ -56,6 +56,7 @@ export function middleware(request: NextRequest) {
contentSecurityPolicyHeaderValue, contentSecurityPolicyHeaderValue,
) )
response.headers.set('x-nonce', nonce)
response.headers.set( response.headers.set(
'Content-Security-Policy', 'Content-Security-Policy',
contentSecurityPolicyHeaderValue, contentSecurityPolicyHeaderValue,