Calibre-Web修复跨域问题
修改D:\calibre-web-master\cps\web.py文件
原来代码
def add_security_headers(resp): default_src = ([host.strip() for host in config.config_trustedhosts.split(',') if host] + ["'self'", "'unsafe-inline'", "'unsafe-eval'"]) csp = "default-src " + ' '.join(default_src) if request.endpoint == "web.read_book" and config.config_use_google_drive: csp +=" blob: " csp += "; font-src 'self' data:" if request.endpoint == "web.read_book": csp += " blob: " csp += "; img-src 'self'" if request.path.startswith("/author/") and config.config_use_goodreads: csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com" csp += " data:" if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive: csp += " *" if request.endpoint == "web.read_book": csp += " blob: ; style-src-elem 'self' blob: 'unsafe-inline'" csp += "; object-src 'none';" resp.headers['Content-Security-Policy'] = csp resp.headers['X-Content-Type-Options'] = 'nosniff' resp.headers['X-Frame-Options'] = 'SAMEORIGIN' resp.headers['X-XSS-Protection'] = '1; mode=block' resp.headers['Strict-Transport-Security'] = 'max-age=31536000' return resp修改为以下代码
def add_security_headers(resp): default_src = ([host.strip() for host in config.config_trustedhosts.split(',') if host] + ["'self'", "'unsafe-inline'", "'unsafe-eval'"]) csp = "default-src " + ' '.join(default_src) if request.endpoint == "web.read_book" and config.config_use_google_drive: csp +=" blob: " csp += "; font-src 'self' data:" if request.endpoint == "web.read_book": csp += " blob: " csp += "; img-src 'self'" if request.endpoint == "web.read_book": csp += " https: http: blob:" if request.path.startswith("/author/") and config.config_use_goodreads: csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com" csp += " data:" if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive: csp += " *" if request.endpoint == "web.read_book": csp += " ; style-src-elem 'self' blob: 'unsafe-inline'" csp += "; object-src 'none';" resp.headers['Content-Security-Policy'] = csp resp.headers['X-Content-Type-Options'] = 'nosniff' resp.headers['X-Frame-Options'] = 'SAMEORIGIN' resp.headers['X-XSS-Protection'] = '1; mode=block' resp.headers['Strict-Transport-Security'] = 'max-age=31536000' return respcps增加http:和https:,支持外部图片资源
修复JS报错:D:\calibre-web-master\cps\static\js\libs\reader.min.js
将原来
this.rendition=c.renderTo("viewer",{ignoreClass:"annotator-hl",width:"100%",height:"100%"})修改为
this.rendition=c.renderTo("viewer",{ignoreClass:"annotator-hl",width:"100%",height:"100%",allowScriptedContent:true})增加 allowScriptedContent:true 参数
