From 7e1e1b4ae66c4ce2d57a687561905266dd5a07bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A8=8B=E5=BA=8F=E5=91=98=E9=98=BF=E6=B1=9F=28Relakkes?= =?UTF-8?q?=29?= Date: Wed, 3 Jun 2026 14:07:29 +0800 Subject: [PATCH] fix(desktop): add a conservative Content-Security-Policy Adds a CSP meta tag that hardens default-src/object-src/base-uri while keeping script/style 'unsafe-inline'+'unsafe-eval' (Emotion CSS-in-JS injects runtime