@networkpro/web 1.26.13 → 1.26.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -1
- package/package.json +1 -1
- package/src/app.html +3 -0
- package/src/hooks.server.js +4 -3
package/CHANGELOG.md
CHANGED
|
@@ -24,6 +24,16 @@ version increments reflecting both user-visible and operational impact.
|
|
|
24
24
|
|
|
25
25
|
---
|
|
26
26
|
|
|
27
|
+
## [1.26.14] - 2026-03-07
|
|
28
|
+
|
|
29
|
+
### Changed
|
|
30
|
+
|
|
31
|
+
- Bumped project version to `v1.26.14`.
|
|
32
|
+
- Added deferred script to `src/app.html` to display the Keep Android Open banner.
|
|
33
|
+
- Allowed `https://keepandroidopen.org` in `Content-Security-Policy` `script-src` across production, audit, and dev/test modes to support the Keep Android Open banner script.
|
|
34
|
+
|
|
35
|
+
---
|
|
36
|
+
|
|
27
37
|
## [1.26.13] - 2026-03-07
|
|
28
38
|
|
|
29
39
|
### Changed
|
|
@@ -2505,7 +2515,8 @@ This enables analytics filtering and CSP hardening for the audit environment.
|
|
|
2505
2515
|
|
|
2506
2516
|
<!-- Link references -->
|
|
2507
2517
|
|
|
2508
|
-
[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.26.
|
|
2518
|
+
[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.26.14...HEAD
|
|
2519
|
+
[1.26.14]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.14
|
|
2509
2520
|
[1.26.13]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.13
|
|
2510
2521
|
[1.26.12]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.12
|
|
2511
2522
|
[1.26.11]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.11
|
package/package.json
CHANGED
package/src/app.html
CHANGED
package/src/hooks.server.js
CHANGED
|
@@ -51,7 +51,7 @@ export async function handle({ event, resolve }) {
|
|
|
51
51
|
|
|
52
52
|
const cspDirectives = [
|
|
53
53
|
"default-src 'self';",
|
|
54
|
-
"script-src 'self' 'unsafe-inline' https://us.i.posthog.com https://us-assets.i.posthog.com;",
|
|
54
|
+
"script-src 'self' 'unsafe-inline' https://us.i.posthog.com https://us-assets.i.posthog.com https://keepandroidopen.org;",
|
|
55
55
|
"style-src 'self' 'unsafe-inline';",
|
|
56
56
|
"img-src 'self' data:;",
|
|
57
57
|
"connect-src 'self' https://us.i.posthog.com https://us-assets.i.posthog.com;",
|
|
@@ -66,7 +66,7 @@ export async function handle({ event, resolve }) {
|
|
|
66
66
|
// 🧪 Looser CSP for local/CI test environments
|
|
67
67
|
if (isDebug) {
|
|
68
68
|
cspDirectives[1] =
|
|
69
|
-
"script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* ws://localhost
|
|
69
|
+
"script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* ws://localhost:* https://keepandroidopen.org;";
|
|
70
70
|
cspDirectives[2] = "style-src 'self' 'unsafe-inline' http://localhost:*;";
|
|
71
71
|
cspDirectives[3] = "img-src 'self' data: http://localhost:*;";
|
|
72
72
|
cspDirectives[4] =
|
|
@@ -75,7 +75,8 @@ export async function handle({ event, resolve }) {
|
|
|
75
75
|
|
|
76
76
|
// 🧩 Hardened CSP for audit environment — no analytics, no CSP reporting
|
|
77
77
|
if (isAudit) {
|
|
78
|
-
cspDirectives[1] =
|
|
78
|
+
cspDirectives[1] =
|
|
79
|
+
"script-src 'self' 'unsafe-inline' https://keepandroidopen.org;";
|
|
79
80
|
cspDirectives[2] = "style-src 'self' 'unsafe-inline';";
|
|
80
81
|
cspDirectives[3] = "img-src 'self' data:;";
|
|
81
82
|
cspDirectives[4] = "connect-src 'self';";
|