From 8b5bf73de25ae07cb8e52141da6038541c11fd5f Mon Sep 17 00:00:00 2001
From: stefan <stefan@mo.co.at>
Date: Wed, 10 Sep 2025 15:13:11 +0200
Subject: [PATCH] client-web umbau

---
 client/web-app/webpack.config.d/csp.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 client/web-app/webpack.config.d/csp.js

diff --git a/client/web-app/webpack.config.d/csp.js b/client/web-app/webpack.config.d/csp.js
new file mode 100644
index 00000000..da1ce6df
--- /dev/null
+++ b/client/web-app/webpack.config.d/csp.js
@@ -0,0 +1,14 @@
+// Content Security Policy configuration for development
+// More relaxed CSP suitable for development environment
+config.devServer = config.devServer || {};
+config.devServer.headers = config.devServer.headers || {};
+config.devServer.headers['Content-Security-Policy'] =
+    "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; " +
+    "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; " +
+    "style-src 'self' 'unsafe-inline' data: blob:; " +
+    "img-src 'self' data: blob: http: https:; " +
+    "font-src 'self' data: blob: http: https:; " +
+    "connect-src 'self' ws: wss: http: https:; " +
+    "frame-src 'self' data: blob:; " +
+    "object-src 'none'; " +
+    "base-uri 'self';";