feat(A.1 #2): widen CSP connect-src for localhost LLM endpoints
Adds http://127.0.0.1:* and ws://127.0.0.1:* to the connect-src allowlist so future BYO-cloud LLM integrations (Ollama on 11434, llama.cpp server on 8080, LM Studio on 1234, etc.) can fetch(...) without tripping the CSP. Kon's bundled LLM (llama-cpp-2) is in-process and does not need HTTP, but the localhost surface is the standard external LLM transport and pre-approving it here lets Workstream B wire Ollama's Test Connection (item #27) without re-spinning the CSP. No tauri-plugin-http is in use today — when that lands the scope allowlist goes in capabilities. Matches the pain pattern from Vibe #438 (Tauri scope blocking 127.0.0.1 LLM endpoints). Co-authored-by: jars <jakejars@users.noreply.github.com>
This commit is contained in:
@@ -23,7 +23,7 @@
|
||||
}
|
||||
],
|
||||
"security": {
|
||||
"csp": "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' asset: https://asset.localhost; connect-src ipc: http://ipc.localhost asset: https://asset.localhost http://localhost:* ws://localhost:*; media-src 'self' asset: https://asset.localhost"
|
||||
"csp": "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' asset: https://asset.localhost; connect-src ipc: http://ipc.localhost asset: https://asset.localhost http://localhost:* ws://localhost:* http://127.0.0.1:* ws://127.0.0.1:*; media-src 'self' asset: https://asset.localhost"
|
||||
}
|
||||
},
|
||||
"plugins": {
|
||||
|
||||
Reference in New Issue
Block a user