Centralize definition of the content security policy and add in-app chat

- in-app chat is meant for support requests and currently is only in the settings page, where users are most likely to go if confused IMO
2026-03-03 21:29:08 +00:00 · 2024-12-08 17:57:27 -08:00
parent 0b87c13f8d
commit df66fb23ab
9 changed files with 78 additions and 63 deletions
--- a/src/interface/web/app/share/chat/layout.tsx
+++ b/src/interface/web/app/share/chat/layout.tsx
@@ -1,6 +1,7 @@
 import type { Metadata } from "next";
 import { noto_sans, noto_sans_arabic } from "@/app/fonts";
 import "../../globals.css";
+import { ContentSecurityPolicy } from "@/app/common/layoutHelper";

 export const metadata: Metadata = {
    title: "Khoj AI - Chat",
@@ -14,17 +15,7 @@ export default function RootLayout({
 }>) {
    return (
        <html lang="en" className={`${noto_sans.variable} ${noto_sans_arabic.variable}`}>
-            <meta
-                httpEquiv="Content-Security-Policy"
-                content="default-src 'self' https://assets.khoj.dev;
-                       script-src 'self' https://assets.khoj.dev 'unsafe-inline' 'unsafe-eval';
-                       connect-src 'self' blob: https://ipapi.co/json ws://localhost:42110;
-                       style-src 'self' https://assets.khoj.dev 'unsafe-inline' https://fonts.googleapis.com;
-                       img-src 'self' data: blob: https://*.khoj.dev https://*.googleusercontent.com https://*.google.com/ https://*.gstatic.com;
-                       font-src 'self' https://assets.khoj.dev https://fonts.gstatic.com;
-                       child-src 'none';
-                       object-src 'none';"
-            ></meta>
+            <ContentSecurityPolicy />
            <body>
                {children}
                <script