Update CSP to allow external CDN resources

- Added https://cdn.jsdelivr.net and https://cdnjs.cloudflare.com to script-src, style-src, and font-src - Required for Bootstrap and FontAwesome loading - Maintains security while allowing necessary external resources

Update CSP to allow external CDN resources
- Added https://cdn.jsdelivr.net and https://cdnjs.cloudflare.com to script-src, style-src, and font-src - Required for Bootstrap and FontAwesome loading - Maintains security while allowing necessary external resources
a7177ce8 · Stefy Lanza (nextime / spora ) · 8ae74833 · a7177ce8
Commit a7177ce8 authored Sep 24, 2025 by Stefy Lanza (nextime / spora )
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

web.c wssshd2/web.c +2 -2

No files found.
--- a/wssshd2/web.c
+++ b/wssshd2/web.c
@@ -2444,8 +2444,8 @@ static int handle_request(int client_fd, const http_request_t *req) {
            char html[32768];
            int len = snprintf(html, sizeof(html), rdp_page_html,
                client_id, client_id, client_id, client_id, client_id);
-            // Add CSP header for WebAssembly support
+            // Add CSP header for WebAssembly support and external resources
-            const char *csp_header = "Content-Security-Policy: script-src 'self' 'unsafe-eval';";
+            const char *csp_header = "Content-Security-Policy: script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; font-src 'self' https://cdnjs.cloudflare.com;";
            send_response(client_fd, 200, "OK", "text/html", html, len, NULL, csp_header);
        } else {
            // Handle RDP actions (connect, disconnect)