From 10c8d668c791e70e87bd6ef7ba27fb8d50f57665 Mon Sep 17 00:00:00 2001
From: wtingkai <330445001@qq.com>
Date: Sat, 13 Sep 2025 20:58:53 +0800
Subject: [PATCH] =?UTF-8?q?feat(OmniAdvisor):=20Django=20Web=E7=AB=AF?= =?UTF-8?q?=E5=AE=89=E5=85=A8=E8=B4=A8=E9=87=8F=E5=8A=A0=E5=9B=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 omniadvisor/src/server/engine/settings.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/omniadvisor/src/server/engine/settings.py b/omniadvisor/src/server/engine/settings.py
index 919f1e4c2..0ebbd64bc 100644
--- a/omniadvisor/src/server/engine/settings.py
+++ b/omniadvisor/src/server/engine/settings.py
@@ -52,6 +52,9 @@ CSP_DEFAULT_SRC = ("'self'", )
 CSP_SCRIPT_SRC = ("'self'", )
 CSP_STYLE_SRC = ("'self'", "fonts.googleapis.com")
 CSP_FONT_SRC = ("'self'", "fonts.gstatic.com")
+CSP_IMG_SRC = ("'self'", "data:")
+CSP_OBJECT_SRC = ("'none'",)
+CSP_FRAME_ANCESTORS = ("'none'",)
 ALLOWED_HOSTS = ['*']
@@ -65,7 +68,8 @@ INSTALLED_APPS = [
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'server.app',
- 'sslserver'
+ 'sslserver',
+ 'csp'
 ]
 MIDDLEWARE = [
@@ -76,6 +80,7 @@ MIDDLEWARE = [
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'csp.middleware.CSPMiddleware',
 ]
 ROOT_URLCONF = 'server.engine.urls'
-- 
Gitee
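Review bot: `base-uri` and `form-action` are still unset after the three directives added below `CSP_FONT_SRC`, and neither falls back to `default-src`, so the policy leaves `<base>` targets and form submission destinations unrestricted. I would add `CSP_BASE_URI = ("'self'",)` and `CSP_FORM_ACTION = ("'self'",)` next to the new lines. The `data:` source in `CSP_IMG_SRC` deserves a short comment naming what needs inline images, so the exception can be dropped once it is no longer required. Separately, the context line `ALLOWED_HOSTS = ['*']` is untouched by this hardening change and keeps Django's Host header validation switched off; it should list the hostnames actually served.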
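Review bot: The `'csp'` entry added to `INSTALLED_APPS`, and the `'csp.middleware.CSPMiddleware'` line in the `MIDDLEWARE` hunk, depend on django-csp, yet the diffstat shows only settings.py changed, so no dependency pin arrives with this commit. The `CSP_*` tuple settings in this file are the pre-4.0 configuration format; django-csp 4.0 replaced them with a single `CONTENT_SECURITY_POLICY` dict, so an unpinned install may pick up a release that does not read these settings. Unless this is already handled elsewhere, pin the package in the project's requirements file (for example `django-csp<4`) or migrate the settings to the dict form. `INSTALLED_APPS` starts above the hunk.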
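Review bot: Enforcement begins as soon as `'csp.middleware.CSPMiddleware'` is active, and no reporting endpoint is visible among the CSP settings in this diff, so resources blocked in users' browsers would go unseen by operators. Consider setting `CSP_REPORT_URI` to a collector (constructed placeholder: `CSP_REPORT_URI = ("/csp-report/",)`), or a first rollout with `CSP_REPORT_ONLY = True`. Because the middleware is the last entry, responses returned early by middleware listed above it (redirects, for instance) will not carry the header; that is probably acceptable but worth a one-line comment such as `# last: only responses that reach the view layer get the CSP header`. The `MIDDLEWARE` list starts above the hunk.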