From a396a54f90a7a52c42b1723302bf57d12b2b102f Mon Sep 17 00:00:00 2001
From: Shenwei Wang <wangshenwei@qq.com>
Date: Tue, 17 Mar 2026 20:57:32 +0800
Subject: [PATCH] fix: modify CSP to allow connect-src blob (#549)

* Modify CSP to allow connect-src blob

Updated Content Security Policy to include 'blob' in connect-src.

Fixing #548

* chore(ci): Disable Updater for Fork PRs

* fix: disable createUpdaterArtifacts for fork PRs

* fix: always disable createUpdaterArtifacts

* fix: fix typos
---
 .github/workflows/test.yml | 2 +-
 src-tauri/tauri.conf.json  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 9fd845e..37afe65 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -48,4 +48,4 @@ jobs:
         # TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
         NODE_OPTIONS: "--max_old_space_size=4096"
       with:
-          args: ${{ matrix.args }}
+          args: ${{ matrix.args }} --config '{"bundle":{"createUpdaterArtifacts":false}}'
diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json
index 9c906b4..80cfc68 100644
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -59,7 +59,7 @@
   },
   "app": {
     "security": {
-      "csp": "default-src 'self' blob: data: filesystem: ws: wss: http: https: tauri:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: filesystem: ws: wss: http: https: tauri:; img-src 'self' data: blob: filesystem: http: https:; connect-src 'self' ipc: ws: wss: http: https: http://ipc.localhost"
+      "csp": "default-src 'self' blob: data: filesystem: ws: wss: http: https: tauri:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: filesystem: ws: wss: http: https: tauri:; img-src 'self' data: blob: filesystem: http: https:; connect-src 'self' blob: ipc: ws: wss: http: https: http://ipc.localhost"
     }
   }
 }