fix(android): allow network requests and relax WebView CSP

Enable cleartext HTTP in release APK, add network security config, and set connect-src CSP. Add CORS on Worker API for cross-origin fetches from packaged apps.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
2026-06-06 13:53:05 +08:00
parent 58d5dc8ae8
commit f8b05c69d6
7 changed files with 191 additions and 16 deletions

View File

@@ -21,7 +21,16 @@
}
],
"security": {
"csp": null
"csp": {
"default-src": "'self' asset: tauri: https: http: data: blob: file:",
"connect-src": "'self' asset: tauri: https: http: ws: wss: data: blob: file:",
"img-src": "'self' asset: tauri: https: http: data: blob: file:",
"media-src": "'self' asset: tauri: https: http: data: blob: file:",
"style-src": "'self' 'unsafe-inline' asset: tauri: https: http:",
"script-src": "'self' 'unsafe-inline' 'unsafe-eval' asset: tauri: https: http:",
"frame-src": "'self' asset: tauri: https: http: data: blob:",
"worker-src": "'self' blob: data:"
}
}
},
"bundle": {