GitHub/Anki
1
0
Fork 0
mirror of https://github.com/ankitects/anki.git synced 2025-09-18 14:02:21 -04:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions

Add add-on scripts to editor CSP (#3942)

Browse source 
(cherry picked from commit 79b19a17a3)
This commit is contained in:
Aristotelis 2025-04-24 07:28:25 +02:00 committed by Damien Elmes
parent 9cfd8af34e
commit 9387a85f02
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
qt/aqt/mediasrv.py
View file

@ -750,8 +750,12 @@ def legacy_page_data() -> Response:
# have access to our internal API, and is a security risk.
if page.context == PageContext.EDITOR:
port = aqt.mw.mediaServer.getPort()
csp_paths = (
f"http://127.0.0.1:{port}/_anki/",
f"http://127.0.0.1:{port}/_addons/",
)
response.headers["Content-Security-Policy"] = (
f"script-src http://127.0.0.1:{port}/_anki/"
f"script-src {' '.join(csp_paths)}"
)
return response
else: