client-web umbau

client/web-app/build.gradle.kts

@@ -11,11 +11,16 @@ kotlin {
     js(IR) {
         browser {
             commonWebpackConfig {
+//                devServer = devServer?.copy(
+//                    port = 8080,
+//                    static = mutableListOf("src/jsMain/resources")
+//                )
                 devServer = devServer?.copy(
                     port = 8080,
-                    static = mutableListOf("src/jsMain/resources")
+                    static = mutableListOf(project.projectDir.resolve("src/jsMain/resources").path)
                 )
 
+
                 // Webpack optimization settings
                 configDirectory = project.projectDir.resolve("webpack.config.d")
             }

client/web-app/src/jsMain/resources/index.html

@@ -19,5 +19,6 @@
 </head>
 <body>
 <div id="root"></div>
+<script src="web-app.js"></script>
 </body>
 </html>

client/web-app/webpack.config.d/csp.js

@@ -1,14 +1,5 @@
 // Content Security Policy configuration for development
-// More relaxed CSP suitable for development environment
 config.devServer = config.devServer || {};
 config.devServer.headers = config.devServer.headers || {};
 config.devServer.headers['Content-Security-Policy'] =
-    "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; " +
+    "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src *; img-src 'self' data:; font-src 'self' data:; frame-src 'self';";
-    "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; " +
-    "style-src 'self' 'unsafe-inline' data: blob:; " +
-    "img-src 'self' data: blob: http: https:; " +
-    "font-src 'self' data: blob: http: https:; " +
-    "connect-src 'self' ws: wss: http: https:; " +
-    "frame-src 'self' data: blob:; " +
-    "object-src 'none'; " +
-    "base-uri 'self';";

client/web-app/webpack.config.d/csp.js.disabled

@@ -0,0 +1,14 @@
+// Content Security Policy configuration for development
+// More relaxed CSP suitable for development environment
+config.devServer = config.devServer || {};
+config.devServer.headers = config.devServer.headers || {};
+config.devServer.headers['Content-Security-Policy'] =
+    "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; " +
+    "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; " +
+    "style-src 'self' 'unsafe-inline' data: blob:; " +
+    "img-src 'self' data: blob: http: https:; " +
+    "font-src 'self' data: blob: http: https:; " +
+    "connect-src 'self' ws: wss: http: https:; " +
+    "frame-src 'self' data: blob:; " +
+    "object-src 'none'; " +
+    "base-uri 'self';";

client/web-app/webpack.config.d/optimization.js

@@ -83,8 +83,8 @@ config.optimization = {
 // Performance budget adjusted for Kotlin/JS applications
 // Note: Kotlin/JS apps require all dependencies loaded initially, so larger budgets are realistic
 config.performance = {
-    maxAssetSize: 400000, // 400KB per asset (realistic for Kotlin libs)
+    maxAssetSize: 1000000, // 1MB per asset (realistic for large Kotlin/Compose libs)
-    maxEntrypointSize: 2000000, // 2MB total entry point (realistic for Kotlin/JS + Compose)
+    maxEntrypointSize: 7000000, // 7MB total entry point (realistic for Kotlin/JS + Compose)
     hints: 'warning',
     assetFilter: function(assetFilename) {
         // Only check JS files for performance