gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-05-25 03:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v0.50.191
hermes-webui/static
T
History
Basit Mustafa b072a6887c fix(csp): add explicit manifest-src 'self' directive (#961) 
PR #920 added static/manifest.json and sw.js for PWA support. The CSP
in _security_headers() had no explicit manifest-src directive, so browsers
fell back to default-src 'self' and emitted a console warning on every page
load. The fallback is functionally correct but non-compliant with CSP Level 3
best practice of declaring each directive explicitly.

Adds manifest-src 'self' before base-uri. No origin set is changed.
Regression test added alongside existing CSP coverage in test_pwa_manifest_csp.py.

Co-authored with Claude Sonnet 4.6 / Anthropic.
2026-04-24 10:44:46 -07:00
..
vendor
chore: vendor streaming-markdown@0.2.15, remove CDN dependency
2026-04-24 01:05:20 +00:00
boot.js
refactor(ui): three-column layout with left rail + main-view migration (#899)
2026-04-24 09:05:25 -07:00
commands.js
v0.50.185: /btw stream hardening + .venv bootstrap + /reasoning toast (#935 #939 #941 #942)
2026-04-23 23:25:45 -07:00
favicon-32.png
fix: add favicon (SVG + PNG + ICO), fix static MIME types (#613)
2026-04-16 20:11:02 -07:00
favicon.ico
fix: add favicon (SVG + PNG + ICO), fix static MIME types (#613)
2026-04-16 20:11:02 -07:00
favicon.svg
fix: add favicon (SVG + PNG + ICO), fix static MIME types (#613)
2026-04-16 20:11:02 -07:00
i18n.js
refactor(ui): three-column layout with left rail + main-view migration (#899)
2026-04-24 09:05:25 -07:00
icons.js
refactor(ui): three-column layout with left rail + main-view migration (#899)
2026-04-24 09:05:25 -07:00
index.html
fix(csp): add explicit manifest-src 'self' directive (#961)
2026-04-24 10:44:46 -07:00
login.js
feat: support subpath mount via reverse proxy — v0.50.67 (PR #588 by @vcavichini)
2026-04-16 11:20:08 -07:00
manifest.json
feat: add PWA support (manifest, service worker, install prompt) (#920)
2026-04-23 15:14:21 -07:00
messages.js
fix(btw): use correct SSE endpoint /api/chat/stream (#950)
2026-04-24 10:43:44 -07:00
onboarding.js
fix(config): use Hermes config.yaml as single source of default model (#773)
2026-04-20 22:12:01 +00:00
panels.js
refactor(ui): three-column layout with left rail + main-view migration (#899)
2026-04-24 09:05:25 -07:00
sessions.js
refactor(ui): three-column layout with left rail + main-view migration (#899)
2026-04-24 09:05:25 -07:00
style.css
fix(ui): close 641-767px rail/hamburger breakpoint gap (#956)
2026-04-24 09:13:00 -07:00
sw.js
feat: add PWA support (manifest, service worker, install prompt) (#920)
2026-04-23 15:14:21 -07:00
ui.js
refactor(ui): three-column layout with left rail + main-view migration (#899)
2026-04-24 09:05:25 -07:00
workspace.js
feat: support subpath mount via reverse proxy — v0.50.67 (PR #588 by @vcavichini)
2026-04-16 11:20:08 -07:00