Skip to content

fix(gateway): add CSP nonce for VNC viewer inline script/style#30

Merged
zooqueen merged 1 commit intomainfrom
fix/vnc-csp-nonce
Feb 25, 2026
Merged

fix(gateway): add CSP nonce for VNC viewer inline script/style#30
zooqueen merged 1 commit intomainfrom
fix/vnc-csp-nonce

Conversation

@zooqueen
Copy link

@zooqueen zooqueen commented Feb 25, 2026

Summary

Test plan

  • CI passes
  • VNC viewer loads (not white screen)
  • VNC tunnel connects and shows remote desktop
  • CSP header contains nonce in response headers

🤖 Generated with Claude Code

@zooqueen @claude
fix(gateway): add CSP nonce for VNC viewer inline script and style (#30)
7cc561f 
The CSP header added in #29 blocked the inline <script> and <style>
tags in the VNC viewer HTML, causing a white screen. Generate a
per-request cryptographic nonce and include it in both the CSP header
(script-src/style-src) and the HTML tags (nonce="...").

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@zooqueen zooqueen merged commit b87d7d0 into main Feb 25, 2026
18 of 20 checks passed
zooqueen pushed a commit that referenced this pull request Mar 6, 2026
@Nachx639 @steipete
fix(macos): lazy-init AVAudioEngine to prevent Bluetooth audio ducking
f9a423b 
Creating AVAudioEngine at singleton init time causes macOS to switch
Bluetooth headphones from A2DP (high quality) to HFP (headset) profile,
resulting in degraded audio quality even when Voice Wake is disabled.

This change makes audioEngine optional and only creates it when voice
recognition actually starts, preventing the profile switch for users
who don't use Voice Wake.

Fixes #30

🤖 Generated with [Claude Code](https://claude.com/claude-code)
zooqueen added a commit that referenced this pull request Mar 6, 2026
@zooqueen
fix(gateway): add CSP nonce for VNC viewer inline script and style (#30
0d9e755 
…) (#30)

The CSP header added in #29 blocked the inline <script> and <style>
tags in the VNC viewer HTML, causing a white screen. Generate a
per-request cryptographic nonce and include it in both the CSP header
(script-src/style-src) and the HTML tags (nonce="...").
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zooqueen