|
|
@@ -16,8 +16,8 @@ module.exports = options => {
|
|
|
ctx.set('strict-transport-security', 'max-age=31536000; includeSubDomains; preload');
|
|
|
//
|
|
|
const csp = [
|
|
|
- 'default-src', `'self' 'unsafe-inline' https://jiliang-qa.oss-cn-shenzhen.aliyuncs.com/ ${ctx.app.config.fujianOssPath} https://open.weixin.qq.com/ https://res.wx.qq.com/;`,
|
|
|
- 'img-src', `'self' data: blob: ${ctx.app.config.fujianOssPath};`,
|
|
|
+ 'default-src', `'self' 'unsafe-inline' https://*.smartcost.com.cn https://*.aliyuncs.com https://*.qq.com/ https://res.wx.qq.com/;`,
|
|
|
+ 'img-src', `'self' data: blob: https://*.aliyuncs.com http://*.smartcost.com.cn;`,
|
|
|
];
|
|
|
ctx.set('Content-Security-Policy', csp.join(' '));
|
|
|
// IE8以上版本用户,在下载时,不显示打开选项
|
