public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-06-16 20:42:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(X-Pack): 第三方平台二维码无法加载

Browse Source
This commit is contained in:
fit2cloud-chenyw
2026-06-16 17:45:37 +08:00
committed by fit2cloud-chenyw
parent 356e83b518
commit 2e67974fba
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
View File

@@ -37,7 +37,7 @@ public class HtmlResourceFilter implements Filter, Ordered {
httpResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
httpResponse.setHeader(HttpHeaders.EXPIRES, "0");
}
httpResponse.setHeader("Content-Security-Policy", "default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *; img-src * data: blob:; font-src * data:; connect-src *; frame-ancestors 'self'");
httpResponse.setHeader("Content-Security-Policy", "default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://g.alicdn.com https://lf-package-cn.feishucdn.com https://lf-package-us.larksuitecdn.com https://lf1-cdn-tos.bytegoofy.com https://wwcdn.weixin.qq.com; style-src 'self' 'unsafe-inline' *; img-src * data: blob:; font-src * data:; connect-src *; frame-ancestors 'self'");
httpResponse.setHeader("X-Content-Type-Options", "nosniff");
httpResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
httpResponse.setHeader("X-XSS-Protection", "1; mode=block");