fix(android): allow network requests and relax WebView CSP
Enable cleartext HTTP in release APK, add network security config, and set connect-src CSP. Add CORS on Worker API for cross-origin fetches from packaged apps. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -21,7 +21,16 @@
|
||||
}
|
||||
],
|
||||
"security": {
|
||||
"csp": null
|
||||
"csp": {
|
||||
"default-src": "'self' asset: tauri: https: http: data: blob: file:",
|
||||
"connect-src": "'self' asset: tauri: https: http: ws: wss: data: blob: file:",
|
||||
"img-src": "'self' asset: tauri: https: http: data: blob: file:",
|
||||
"media-src": "'self' asset: tauri: https: http: data: blob: file:",
|
||||
"style-src": "'self' 'unsafe-inline' asset: tauri: https: http:",
|
||||
"script-src": "'self' 'unsafe-inline' 'unsafe-eval' asset: tauri: https: http:",
|
||||
"frame-src": "'self' asset: tauri: https: http: data: blob:",
|
||||
"worker-src": "'self' blob: data:"
|
||||
}
|
||||
}
|
||||
},
|
||||
"bundle": {
|
||||
|
||||
Reference in New Issue
Block a user