updateweb

2025-12-24 00:13:23 -06:00
parent e4b3de4a46
commit 017c6376fc
88 changed files with 17866 additions and 1191 deletions
--- a/backend/server.js
+++ b/backend/server.js
@@ -29,10 +29,28 @@ app.use(
    contentSecurityPolicy: {
      directives: {
        defaultSrc: ["'self'"],
-        styleSrc: ["'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net"],
-        scriptSrc: ["'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net"],
+        styleSrc: [
+          "'self'",
+          "'unsafe-inline'",
+          "https://cdn.jsdelivr.net",
+          "https://cdn.quilljs.com",
+          "https://fonts.googleapis.com",
+        ],
+        scriptSrc: [
+          "'self'",
+          "'unsafe-inline'",
+          "'unsafe-eval'",
+          "https://cdn.jsdelivr.net",
+          "https://cdn.quilljs.com",
+        ],
+        scriptSrcAttr: ["'self'", "'unsafe-inline'"],
        imgSrc: ["'self'", "data:", "blob:"],
-        fontSrc: ["'self'", "https://cdn.jsdelivr.net"],
+        fontSrc: [
+          "'self'",
+          "https://cdn.jsdelivr.net",
+          "https://fonts.gstatic.com",
+        ],
+        connectSrc: ["'self'", "https://cdn.jsdelivr.net"],
      },
    },
    hsts: {
@@ -162,6 +180,11 @@ app.use("/api", publicRoutes);
 // Admin static files (must be after redirect routes)
 app.use("/admin", express.static(path.join(baseDir, "admin")));

+// Favicon route
+app.get("/favicon.ico", (req, res) => {
+  res.sendFile(path.join(baseDir, "public", "favicon.svg"));
+});
+
 // Root redirect to home page
 app.get("/", (req, res) => {
  res.sendFile(path.join(baseDir, "public", "index.html"));