csp: allow WASM

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

packages/backend/src/server/csp.ts

@@ -12,7 +12,7 @@ export type CSPHashed = {
 };
 
 export function generateCSP(hashedMap: Map<string, CSPHashed>, options: {
-    mediaProxy ?: string,
+    mediaProxy?: string,
 }) {
     const keys = Array.from(hashedMap.keys());
     const scripts = keys
@@ -28,7 +28,7 @@ export function generateCSP(hashedMap: Map<string, CSPHashed>, options: {
         ['media-src', ['\'self\'', 'data:', options.mediaProxy].filter(Boolean)],
         ['font-src', ['\'self\'']],
         ['style-src', ['\'self\'', ...styles]],
-        ['script-src', ['\'self\'', ...scripts]],
+        ['script-src', ['\'self\'', '\'unsafe-wasm-eval\'', ...scripts]],
         ['object-src', ['\'none\'']],
         ['frame-src', ['\'none\'']],
         ['base-uri', ['\'self\'']],
@@ -36,14 +36,14 @@ export function generateCSP(hashedMap: Map<string, CSPHashed>, options: {
         ['child-src', ['\'self\'']],
         ['form-action', ['\'self\'']],
         ['manifest-src', ['\'self\'']],
-        ...(process.env.NODE_ENV === 'production' ? 
-                [
-                    ['upgrade-insecure-requests', []],
-                ] : []),
+        ...(process.env.NODE_ENV === 'production' ?
+            [
+                ['upgrade-insecure-requests', []],
+            ] : []),
     ] as [string, string[]][])
-    .map(([name, values]) => {
-        return `${name} ${values.join(' ')}`;
-    }).join('; ');
+        .map(([name, values]) => {
+            return `${name} ${values.join(' ')}`;
+        }).join('; ');
 }
 
 export function hashResource(res: string): CSPHashed {