08-19-2021, 12:36 PM
Hi Ronald, I have been getting good results in situations like yours, using .OnAfterDispatch
Code:
// Runs after each request has been dispatched; adds the response headers.
procedure TIWServerController.IWServerControllerBaseAfterDispatch(
  Request: THttpRequest; aReply: THttpReply);
begin
  // QuotedStr wraps the keyword in single quotes, as CSP requires: 'self'
  aReply.AddHeader('Content-Security-Policy',
    'default-src ' + QuotedStr('self') + ' https: ' + QuotedStr('unsafe-inline') + ' ' + QuotedStr('unsafe-eval') + '; ' +
    'script-src ' + QuotedStr('self') + ' https: ' + QuotedStr('unsafe-inline') + ' ' + QuotedStr('unsafe-eval') + '; ' +
    'style-src ' + QuotedStr('self') + ' https: ' + QuotedStr('unsafe-inline') + '; ' +
    'img-src ' + QuotedStr('self') + ' https: data:; ' +
    'object-src ' + QuotedStr('self') + '; ' +
    'media-src ' + QuotedStr('self') + ' https:; ' +
    'frame-ancestors ' + QuotedStr('self') + ' https:; ' +
    'base-uri ' + QuotedStr('self') + ' https:');
  // CORS: any origin may read responses
  aReply.AddHeader('Access-Control-Allow-Origin', '*');
end;
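
As an added example (not part of the original post, and not IntraWeb code): a Python check that parses the header value the handler above emits and lists the entries a reviewer would look at when tightening it. The function names and the finding strings are assumptions made for this example.

```python
# Header value as the Delphi handler above assembles it
# (QuotedStr('self') yields 'self' including the single quotes).
POSTED_CSP = (
    "default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; "
    "script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; "
    "style-src 'self' https: 'unsafe-inline'; "
    "img-src 'self' https: data:; "
    "object-src 'self'; "
    "media-src 'self' https:; "
    "frame-ancestors 'self' https:; "
    "base-uri 'self' https:"
)

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}.
    Directive names are case-insensitive; a repeated directive is ignored."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit(policy, acao=None):
    """Return review findings (hypothetical wording) for a parsed policy."""
    findings = []
    # script-src falls back to default-src when it is absent
    scripts = [s.lower() for s in
               policy.get("script-src", policy.get("default-src", []))]
    for keyword in ("'unsafe-inline'", "'unsafe-eval'"):
        if keyword in scripts:
            findings.append(f"script-src allows {keyword}")
    # A bare scheme or * matches every host, so 'self' adds no restriction
    for name, sources in policy.items():
        for src in sources:
            if src.lower() in ("https:", "http:", "*"):
                findings.append(f"{name} allows any host via {src}")
    if acao == "*":
        findings.append("Access-Control-Allow-Origin is *")
    return findings

if __name__ == "__main__":
    for line in audit(parse_csp(POSTED_CSP), acao="*"):
        print(line)
```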