## Critical Bug Fix

All CDN resources (marked.js, highlight.js) were blocked by CSP causing:
- FAQ markdown rendering failures
- No syntax highlighting for code blocks
- Plain text display instead of formatted HTML

## Changes Made

### Backend (src/server.js)

Updated helmet CSP configuration to allow cdnjs.cloudflare.com:
- scriptSrc: added https://cdnjs.cloudflare.com
- styleSrc: added https://cdnjs.cloudflare.com
- connectSrc: added https://cdnjs.cloudflare.com (was missing)
- fontSrc: added https://cdnjs.cloudflare.com

### Frontend (nginx production config)

Fixed nginx add_header inheritance issue:
- Duplicated security headers in HTML location block
- Nginx quirk: add_header in location block overrides parent headers
- Both server block AND location block now have full CSP

### Root Cause

Two-part issue:
1. CSP didn't include cdnjs.cloudflare.com (blocking external resources)
2. Nginx HTML location block used add_header, overriding parent security headers

## Testing

Verified with curl:
- Local: CSP headers include cdnjs.cloudflare.com ✅
- Production: CSP headers include cdnjs.cloudflare.com ✅

## Version

- Bumped to 1.0.6
- Force update enabled

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
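The nginx `add_header` inheritance behaviour named in the commit message above, shown as an added example that is not part of the commit or the project's code: a small checker that computes which headers each block would actually send and lists the blocks left without a CSP. The config in `SAMPLE` is constructed for illustration, the function names are hypothetical, and the tokenizer assumes a config without `#` comments.

```python
import re

# Constructed sample (not the project's config): the second location sets its
# own add_header, so nginx sends none of the server-level headers for it.
SAMPLE = """
server {
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com";
    add_header X-Content-Type-Options nosniff;
    location / {
        try_files $uri /index.html;
    }
    location ~* \\.html$ {
        add_header Cache-Control "no-cache";
    }
}
"""

# Quoted strings first, so a ';' inside a CSP value is not read as a terminator.
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|[{};]|[^\s{};"']+''')

def effective_headers(conf):
    """Map each block to the set of header names nginx would emit for it."""
    nodes, stack, words = [], [], []  # node: [name, parent index, own headers]
    for tok in TOKEN.findall(conf):
        if tok == "{":
            nodes.append([" ".join(words), stack[-1] if stack else None, set()])
            stack.append(len(nodes) - 1)
            words = []
        elif tok == ";":
            if len(words) >= 2 and words[0] == "add_header" and stack:
                nodes[stack[-1]][2].add(words[1].lower())
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)

    def resolve(i):
        # nginx rule: a level inherits add_header only if it defines none itself.
        _, parent, own = nodes[i]
        return own if own or parent is None else resolve(parent)

    return {node[0]: resolve(i) for i, node in enumerate(nodes)}

def blocks_missing(conf, header="content-security-policy"):
    """Blocks whose responses would go out without the given header."""
    return sorted(n for n, h in effective_headers(conf).items() if header not in h)

if __name__ == "__main__":
    print(blocks_missing(SAMPLE))
```
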
12 lines
365 B
JSON
{
"version": "1.0.6",
"buildDate": "2025-10-14T13:30:00Z",
"changelog": [
"CRITICAL FIX: Updated CSP to allow cdnjs.cloudflare.com",
"Fixes marked.js and highlight.js loading failures",
"Added connectSrc, scriptSrc, styleSrc, fontSrc for CDN",
"FAQ markdown rendering now works correctly"
],
"forceUpdate": true,
"minVersion": "1.0.6"
}
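Review bot: The changelog entry "Added connectSrc, scriptSrc, styleSrc, fontSrc for CDN" records a host-wide allowance of cdnjs.cloudflare.com in four directives, while the neighbouring entries name only marked.js and highlight.js as the resources that failed to load. A host-level script-src entry for a shared CDN permits every script that host serves, so consider self-hosting the two libraries or pinning them (full-path sources plus `integrity` attributes on the tags), and keep connectSrc and fontSrc only where a blocked request to the CDN was actually observed. Separately, `"forceUpdate": true` with `"minVersion"` equal to `"version"` would benefit from a changelog line saying why a forced update is required, since the four listed entries describe header changes only.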