From 0e54d399424374d497d08a8631c4761dece57ceb Mon Sep 17 00:00:00 2001
From: Kristóf Marussy
Date: Wed, 23 Aug 2023 03:36:25 +0200
Subject: feat: dot visualization
---
 .../main/java/tools/refinery/language/web/SecurityHeadersFilter.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'subprojects/language-web/src')
diff --git a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
index 7b094fde..fab94689 100644
--- a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
+++ b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
@@ -16,7 +16,7 @@ public class SecurityHeadersFilter implements Filter {
 ServletException {
 if (response instanceof HttpServletResponse httpResponse) {
 httpResponse.setHeader("Content-Security-Policy", "default-src 'none'; " +
- "script-src 'self'; " +
+ "script-src 'self' 'wasm-unsafe-eval'; " +
 // CodeMirror needs inline styles, see e.g.,
 // https://discuss.codemirror.net/t/inline-styles-and-content-security-policy/1311/2
 "style-src 'self' 'unsafe-inline'; " +
@@ -25,7 +25,7 @@ public class SecurityHeadersFilter implements Filter {
 "font-src 'self'; " +
 "connect-src 'self'; " +
 "manifest-src 'self'; " +
- "worker-src 'self';");
+ "worker-src 'self' blob:;");
 httpResponse.setHeader("X-Content-Type-Options", "nosniff");
 httpResponse.setHeader("X-Frame-Options", "DENY");
 httpResponse.setHeader("Referrer-Policy", "strict-origin");
--
cgit v1.2.3-54-g00ecf
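Review bot: The added `'wasm-unsafe-eval'` in `script-src` carries no comment naming the component that needs it, unlike the CodeMirror note that justifies `'unsafe-inline'` two lines below. The keyword is the narrowest source expression for WebAssembly compilation and does not re-enable JavaScript `eval()`, so the choice itself looks right, but someone auditing this policy later cannot tell whether the relaxation is still required. Going by the commit subject, it is presumably for a WebAssembly build of the dot renderer; if that is correct, add a line such as `// The dot renderer is compiled to WebAssembly, which needs 'wasm-unsafe-eval' (not 'unsafe-eval')` above the directive. The enclosing method starts and ends outside the hunk.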
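Review bot: `blob:` in `worker-src` means worker code is no longer limited to files served by this origin: any script already running on the page can start a worker from a Blob it assembles at runtime. A worker created from a blob: URL should inherit the page's policy, so the exposure stays small while `script-src` remains `'self'`, but it is still a defence-in-depth relaxation and the line does not say what requires it. If the bundler can emit the worker as a separate same-origin file, `"worker-src 'self';"` could stay as it was. Otherwise add a comment such as `// The visualization worker is started from a blob: URL`, with the wording confirmed against the frontend code, which is not part of this diff.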