GitHub/Anki
1
0
Fork 0
mirror of https://github.com/ankitects/anki.git synced 2025-09-19 06:22:22 -04:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions

Add add-on scripts to editor CSP (#3942)

Browse source
This commit is contained in:
Aristotelis 2025-04-24 07:28:25 +02:00 committed by GitHub
parent 1e74e8e86e
commit 79b19a17a3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
qt/aqt/mediasrv.py
View file

@ -752,8 +752,12 @@ def legacy_page_data() -> Response:
# have access to our internal API, and is a security risk. # have access to our internal API, and is a security risk.
if page.context == PageContext.EDITOR: if page.context == PageContext.EDITOR:
port = aqt.mw.mediaServer.getPort() port = aqt.mw.mediaServer.getPort()
csp_paths = (
f"http://127.0.0.1:{port}/_anki/",
f"http://127.0.0.1:{port}/_addons/",
)
response.headers["Content-Security-Policy"] = ( response.headers["Content-Security-Policy"] = (
f"script-src http://127.0.0.1:{port}/_anki/" f"script-src {' '.join(csp_paths)}"
) )
return response return response
else: else: