From 08c3aa496d262f6cd6df56d675e595de999000e8 Mon Sep 17 00:00:00 2001 From: Debanjum Singh Solanky Date: Thu, 13 Jun 2024 14:23:11 +0530 Subject: [PATCH] Loosen CSP in Obsidian to load images, sync and allow Obsidian domain --- src/interface/obsidian/src/chat_view.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/interface/obsidian/src/chat_view.ts b/src/interface/obsidian/src/chat_view.ts index eba40279..73236b1d 100644 --- a/src/interface/obsidian/src/chat_view.ts +++ b/src/interface/obsidian/src/chat_view.ts @@ -82,12 +82,12 @@ export class KhojChatView extends KhojPaneView { super.onOpen(); // Construct Content Security Policy - let defaultDomains = `'self' ${this.setting.khojUrl} https://app.khoj.dev https://assets.khoj.dev`; + let defaultDomains = `'self' ${this.setting.khojUrl} https://*.obsidian.md https://app.khoj.dev https://assets.khoj.dev`; const defaultSrc = `default-src ${defaultDomains};`; const scriptSrc = `script-src ${defaultDomains} 'unsafe-inline';`; - const connectSrc = `connect-src ${this.setting.khojUrl} https://ipapi.co/json;`; + const connectSrc = `connect-src ${this.setting.khojUrl} wss://*.obsidian.md/ https://ipapi.co/json;`; const styleSrc = `style-src ${defaultDomains} 'unsafe-inline';`; - const imgSrc = `img-src ${defaultDomains} data: https://*.khoj.dev https://*.googleusercontent.com;`; + const imgSrc = `img-src * app: data:;`; const childSrc = `child-src 'none';`; const objectSrc = `object-src 'none';`; const csp = `${defaultSrc} ${scriptSrc} ${connectSrc} ${styleSrc} ${imgSrc} ${childSrc} ${objectSrc}`;