diff --git a/packages/backend/src/server/FileServerService.ts b/packages/backend/src/server/FileServerService.ts index 11721263d3..0c7fc8cefe 100644 --- a/packages/backend/src/server/FileServerService.ts +++ b/packages/backend/src/server/FileServerService.ts @@ -61,6 +61,9 @@ export class FileServerService { public createServer(fastify: FastifyInstance, options: FastifyPluginOptions, done: (err?: Error) => void) { fastify.addHook('onRequest', (request, reply, done) => { reply.header('Content-Security-Policy', 'default-src \'none\'; img-src \'self\'; media-src \'self\'; style-src \'unsafe-inline\''); + if (process.env.NODE_ENV === 'development') { + reply.header('Access-Control-Allow-Origin', '*'); + } done(); }); diff --git a/packages/frontend/src/index.html b/packages/frontend/src/index.html index 558856690d..8de01e4802 100644 --- a/packages/frontend/src/index.html +++ b/packages/frontend/src/index.html @@ -12,7 +12,7 @@ <html> <head> <meta charset="UTF-8" /> - <title>misskey</title> + <title>[DEV] Loading...</title> <!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP --> <meta http-equiv="Content-Security-Policy" @@ -21,7 +21,8 @@ script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google.com xn--931a.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000; - media-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;" + media-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000; + connect-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;" /> <meta property="og:site_name" content="[DEV BUILD] Misskey" /> <meta name="viewport" content="width=device-width, initial-scale=1">