- Add strict Content Security Policy to protect against XSS attacks - Implement custom app:// protocol for production builds with proper headers - Enable secure cross-origin isolation for SharedArrayBuffer support - Remove insecure --enable-features bypass flag - Add proper COOP/COEP/CORP headers for all resources - Allow Pyodide workers to function in production builds This fixes critical security vulnerabilities while maintaining full functionality including Pyodide web workers and SharedArrayBuffer. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <!--
      Content Security Policy: local-only, deny-by-default.

      Delivery caveats for a policy set through a meta element:
        * frame-ancestors, report-uri and sandbox are ignored here; they only
          take effect when sent as an HTTP response header.
        * Keep this element ahead of every script, style and link element so
          nothing is fetched before the policy is in force.
        NOTE(review): if the production app: protocol handler can set response
        headers, sending the same policy there as well would cover the
        directives a meta element cannot express. Confirm against the handler.

      Directive notes:
        * default-src / connect-src: only the page's own origin and the app:
          scheme. No remote hosts are allowed, so fetch/XHR/WebSocket calls to
          anything else are blocked.
        * script-src 'wasm-unsafe-eval': permits WebAssembly compilation without
          enabling JavaScript eval(). Presumably required by the Pyodide
          runtime; verify before removing.
        * style-src 'unsafe-inline': allows inline style elements and style
          attributes. This is the weakest entry in the policy; replace it with
          hashes or nonces if the UI can work without inline styles.
        * img-src / font-src data: (and blob: for images): inline-encoded assets
          are accepted; no remote image or font hosts.
        * worker-src blob:: workers may be created from blob URLs as well as
          from same-origin and app: URLs.
        * child-src 'none': frames are blocked (frame-src falls back to
          child-src); workers are unaffected because worker-src is explicit.
        * object-src 'none', base-uri 'self', form-action 'none': no plugins,
          no cross-origin base element, no form submissions.
    -->
    <meta
      http-equiv="Content-Security-Policy"
      content="
        default-src 'self' app:;
        script-src 'self' app: 'wasm-unsafe-eval';
        style-src 'self' app: 'unsafe-inline';
        img-src 'self' app: data: blob:;
        font-src 'self' app: data:;
        connect-src 'self' app:;
        worker-src 'self' app: blob:;
        child-src 'none';
        object-src 'none';
        base-uri 'self';
        form-action 'none';
      "
    >
    <link rel="icon" type="image/svg+xml" href="/icon.svg">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Respira</title>
  </head>
  <body>
    <!-- Mount point for the application rendered by the module script below. -->
    <div id="root"></div>
    <!-- Same-origin module entry point; allowed by script-src 'self'. -->
    <script type="module" src="/src/main.tsx"></script>
  </body>
</html>