- import { session } from 'electron';
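/**
 * Install a Content-Security-Policy (CSP) response header on the default
 * Electron session to limit what a page may load and execute (XSS mitigation).
 *
 * The listener is registered without a URL filter, so it runs for every
 * response the default session receives and the same policy is applied to
 * all of them.
 *
 * @param {boolean} isDev - When truthy, use the relaxed development policy
 *   (inline scripts plus http/ws localhost origins). Packaged builds should
 *   pass false: `'unsafe-inline'` in script-src removes most of the XSS
 *   protection the policy is meant to provide.
 * @returns {void}
 */
export function setContentSecurityPolicy(isDev) {
  // The policy depends only on isDev, so build it once instead of on every response.
  // NOTE(review): both policies keep `'unsafe-inline'` in style-src, and img-src
  // accepts any https: host. base-uri and form-action do not fall back to
  // default-src, so they are unrestricted here; consider adding them explicitly.
  const csp = isDev
    ? "default-src 'self'; script-src 'self' 'unsafe-inline' http://localhost:*; style-src 'self' 'unsafe-inline'; connect-src 'self' http://localhost:* ws://localhost:* https://ai-anim.com; img-src 'self' data: https: blob:; font-src 'self' data:; worker-src 'self' blob:;"
    : "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://ai-anim.com; img-src 'self' data: https:; font-src 'self' data:;";

  // NOTE(review): Electron's webRequest keeps a single listener per event, so a
  // later onHeadersReceived registration on this session replaces this one.
  session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
    const responseHeaders = {};

    // Header names are case-insensitive but the keys arrive as the server sent
    // them. Copy everything except an existing CSP header in any casing, so the
    // response ends up with exactly one policy instead of two differently-cased ones.
    for (const [name, value] of Object.entries(details.responseHeaders || {})) {
      if (name.toLowerCase() !== 'content-security-policy') {
        responseHeaders[name] = value;
      }
    }

    responseHeaders['Content-Security-Policy'] = [csp];

    callback({ responseHeaders });
  });
}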