From f8762264d3e52113738aefe415fffcff37a4e125 Mon Sep 17 00:00:00 2001
From: ken <1610057945@qq.com>
Date: Thu, 11 May 2023 17:14:59 +0800
Subject: [PATCH 1/3] vector/index.html: Allow fetching blob and data urls

---
 src/vector/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/vector/index.html b/src/vector/index.html
index 542c6f4d150..03511e17ab4 100644
--- a/src/vector/index.html
+++ b/src/vector/index.html
@@ -28,7 +28,7 @@
         style-src 'self' 'unsafe-inline' <%= csp_extra_source %>;
         script-src 'self' 'wasm-unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ <%= csp_extra_source %>;
         img-src * blob: data:;
-        connect-src *;
+        connect-src * blob: data:;
         font-src 'self' data: <%= csp_extra_source %>;
         media-src * blob: data:;
         child-src * blob: data:;

From 05b5815a12c444fdce419f0e77001046c7ecb208 Mon Sep 17 00:00:00 2001
From: ken <1610057945@qq.com>
Date: Thu, 11 May 2023 17:14:59 +0800
Subject: [PATCH 2/3] vector/index.html: Allow fetching blob and data urls
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 许煜恒 xyhken@icloud.com
---
 src/vector/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/vector/index.html b/src/vector/index.html
index 542c6f4d150..03511e17ab4 100644
--- a/src/vector/index.html
+++ b/src/vector/index.html
@@ -28,7 +28,7 @@
         style-src 'self' 'unsafe-inline' <%= csp_extra_source %>;
         script-src 'self' 'wasm-unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ <%= csp_extra_source %>;
         img-src * blob: data:;
-        connect-src *;
+        connect-src * blob: data:;
         font-src 'self' data: <%= csp_extra_source %>;
         media-src * blob: data:;
         child-src * blob: data:;

From a0ef68b250b2664588ec19a42a770e5df4553d82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=AE=B8=E7=85=9C=E6=81=92?= <xyhken@icloud.com>
Date: Thu, 11 May 2023 21:11:31 +0800
Subject: [PATCH 3/3] CSP: Remove data from connect-src

---
 src/vector/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/vector/index.html b/src/vector/index.html
index 03511e17ab4..9f41e6c2161 100644
--- a/src/vector/index.html
+++ b/src/vector/index.html
@@ -28,7 +28,7 @@
         style-src 'self' 'unsafe-inline' <%= csp_extra_source %>;
         script-src 'self' 'wasm-unsafe-eval' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ <%= csp_extra_source %>;
         img-src * blob: data:;
-        connect-src * blob: data:;
+        connect-src * blob:;
         font-src 'self' data: <%= csp_extra_source %>;
         media-src * blob: data:;
         child-src * blob: data:;