chore(release): v0.3.11 — CSP img-src hotfix (paste + media render)

양쪽 창의 CSP 가 img-src 부적합: - quickcapture/index.html: img-src 미지정 → blob: 차단 → paste thumbnail 안 보임 - inbox/index.html: img-src 에 inkling-media: 누락 → 저장된 노트 이미지 안 보임 v0.3.0 이후 잠재적 회귀. 사용자 dogfood 발견. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-12 13:26:46 +09:00
parent f676c1638e
commit d3cf018f62
5 changed files with 26 additions and 5 deletions
--- a/src/renderer/inbox/index.html
+++ b/src/renderer/inbox/index.html
@@ -2,7 +2,7 @@
 <html lang="ko">
  <head>
    <meta charset="UTF-8" />
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: file:" />
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: file: inkling-media:" />
    <title>Inkling</title>
    <style>
      body { margin: 0; font-family: system-ui, sans-serif; background: #f5f5f7; color: #111; }
--- a/src/renderer/quickcapture/index.html
+++ b/src/renderer/quickcapture/index.html
@@ -2,7 +2,7 @@
 <html lang="ko">
  <head>
    <meta charset="UTF-8" />
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'" />
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:" />
    <title>Inkling Capture</title>
    <style>
      html, body, #root { margin: 0; height: 100%; background: transparent; font-family: system-ui, sans-serif; overflow: hidden; }