fix(android): allow network requests and relax WebView CSP

Enable cleartext HTTP in release APK, add network security config, and set connect-src CSP. Add CORS on Worker API for cross-origin fetches from packaged apps.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
2026-06-06 13:53:05 +08:00
parent 58d5dc8ae8
commit f8b05c69d6
7 changed files with 191 additions and 16 deletions

View File

@@ -84,6 +84,23 @@ function patchTauriConfig(filePath) {
if (conf.app?.windows?.[0]) {
conf.app.windows[0].title = appNameZh;
}
conf.app = {
...conf.app,
security: {
csp: {
"default-src": "'self' asset: tauri: https: http: data: blob: file:",
"connect-src":
"'self' asset: tauri: https: http: ws: wss: data: blob: file:",
"img-src": "'self' asset: tauri: https: http: data: blob: file:",
"media-src": "'self' asset: tauri: https: http: data: blob: file:",
"style-src": "'self' 'unsafe-inline' asset: tauri: https: http:",
"script-src":
"'self' 'unsafe-inline' 'unsafe-eval' asset: tauri: https: http:",
"frame-src": "'self' asset: tauri: https: http: data: blob:",
"worker-src": "'self' blob: data:",
},
},
};
conf.bundle = {
...conf.bundle,
active: true,