Disable CSP in Khoj Obsidian as it interferes with Obsidian functionality

The Khoj CSP interferes with other Obsidian features and plugins as
CSP is applied page wide.

For now chat message sanitization via Dompurify should suffice.

Enable CSP when can scope it to only the Khoj Obsidian plugin.
This commit is contained in:
Debanjum Singh Solanky 2024-06-23 16:16:53 +05:30
parent a353d883a0
commit 69c9e8cc08

View file

@ -96,8 +96,9 @@ export class KhojChatView extends KhojPaneView {
const objectSrc = `object-src 'none';`; const objectSrc = `object-src 'none';`;
const csp = `${defaultSrc} ${scriptSrc} ${connectSrc} ${styleSrc} ${imgSrc} ${childSrc} ${objectSrc}`; const csp = `${defaultSrc} ${scriptSrc} ${connectSrc} ${styleSrc} ${imgSrc} ${childSrc} ${objectSrc}`;
// Add CSP meta tag to the Khoj Chat modal // WARNING: CSP DISABLED for now as it breaks other Obsidian plugins. Enable when can scope CSP to only Khoj plugin.
document.head.createEl("meta", { attr: { "http-equiv": "Content-Security-Policy", "content": `${csp}` } }); // CSP meta tag for the Khoj Chat modal
// document.head.createEl("meta", { attr: { "http-equiv": "Content-Security-Policy", "content": `${csp}` } });
// Create area for chat logs // Create area for chat logs
let chatBodyEl = contentEl.createDiv({ attr: { id: "khoj-chat-body", class: "khoj-chat-body" } }); let chatBodyEl = contentEl.createDiv({ attr: { id: "khoj-chat-body", class: "khoj-chat-body" } });