github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 18:14:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(gateway): share Control UI bootstrap contract and CSP

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-16 03:35:11 +01:00
parent 6e7c1c16e7
commit c6e6023e3a
4 changed files with 42 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/gateway/control-ui-csp.test.ts Normal file
View File

@@ -0,0 +1,12 @@
import { describe, expect, it } from "vitest";
import { buildControlUiCspHeader } from "./control-ui-csp.js";
describe("buildControlUiCspHeader", () => {
it("blocks inline scripts while allowing inline styles", () => {
const csp = buildControlUiCspHeader();
expect(csp).toContain("frame-ancestors 'none'");
expect(csp).toContain("script-src 'self'");
expect(csp).not.toContain("script-src 'self' 'unsafe-inline'");
expect(csp).toContain("style-src 'self' 'unsafe-inline'");
});
});