From 2e67974fba764558cd1db35175fdb055bd9f5f4e Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw
Date: Tue, 16 Jun 2026 17:45:37 +0800
Subject: [PATCH] =?UTF-8?q?fix(X-Pack):=20=E7=AC=AC=E4=B8=89=E6=96=B9?= =?UTF-8?q?=E5=B9=B3=E5=8F=B0=E4=BA=8C=E7=BB=B4=E7=A0=81=E6=97=A0=E6=B3=95?= =?UTF-8?q?=E5=8A=A0=E8=BD=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/main/java/io/dataease/filter/HtmlResourceFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java b/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
index d97858247b..fdb8152efb 100644
--- a/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
+++ b/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
@@ -37,7 +37,7 @@ public class HtmlResourceFilter implements Filter, Ordered {
 httpResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
 httpResponse.setHeader(HttpHeaders.EXPIRES, "0");
 }
- httpResponse.setHeader("Content-Security-Policy", "default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *; img-src * data: blob:; font-src * data:; connect-src *; frame-ancestors 'self'");
+ httpResponse.setHeader("Content-Security-Policy", "default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://g.alicdn.com https://lf-package-cn.feishucdn.com https://lf-package-us.larksuitecdn.com https://lf1-cdn-tos.bytegoofy.com https://wwcdn.weixin.qq.com; style-src 'self' 'unsafe-inline' *; img-src * data: blob:; font-src * data:; connect-src *; frame-ancestors 'self'");
 httpResponse.setHeader("X-Content-Type-Options", "nosniff");
 httpResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
 httpResponse.setHeader("X-XSS-Protection", "1; mode=block");
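Review bot: The five hosts added to `script-src` in the `Content-Security-Policy` header are trusted as whole origins and, as far as the hunk shows, sent unconditionally, so every script served from those shared CDNs becomes loadable rather than only the QR-code SDK files the fix is for, including on deployments where no third-party platform is enabled. Consider emitting the hosts only for the platforms that are actually configured and, where the SDK URLs are stable, narrowing each entry to a path prefix; for example build the directive from a configured list, `"script-src 'self' 'unsafe-inline' 'unsafe-eval' " + String.join(" ", qrSdkScriptHosts)` (`qrSdkScriptHosts` is a placeholder name, not an existing field). At minimum a comment such as `// script-src CDN hosts: third-party QR-code login SDKs; remove an entry when its platform is dropped` would record why each origin is trusted. The enclosing filter method starts and ends outside this hunk, so any outer condition on this header cannot be seen here.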