From 18cdfac8cd025348cee5b5faeb8add00dbae8273 Mon Sep 17 00:00:00 2001
From: alam00000
Date: Tue, 21 Apr 2026 19:24:28 +0530
Subject: [PATCH] fix(security): update script-src directive to include 'blob:'
---
 .gitignore | 3 ++-
 scripts/generate-security-headers.mjs | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index f6ca795..60fe8a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,4 +49,5 @@ libreoffice-wasm-package
 bentopdf-*.tgz
 # test
-dist-test
\ No newline at end of file
+dist-test
+test
\ No newline at end of file
diff --git a/scripts/generate-security-headers.mjs b/scripts/generate-security-headers.mjs
index 3babdad..9ba93b3 100644
--- a/scripts/generate-security-headers.mjs
+++ b/scripts/generate-security-headers.mjs
@@ -55,7 +55,7 @@ const fontOrigins = uniq([ocrFontOrigin].filter(Boolean));
 const directives = [
 `default-src 'self'`,
- `script-src 'self' 'wasm-unsafe-eval' 'unsafe-eval' ${scriptOrigins.join(' ')}`.trim(),
+ `script-src 'self' 'wasm-unsafe-eval' 'unsafe-eval' blob: ${scriptOrigins.join(' ')}`.trim(),
 `worker-src 'self' blob:`,
 `style-src 'self' 'unsafe-inline' https://fonts.googleapis.com`,
 `img-src 'self' data: blob: https:`,
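Review bot: Adding `blob:` to the `script-src` entry of `directives` loosens the policy rather than tightening it, and neither the `fix(security)` subject nor the code says which feature needs it. With `blob:` allowed next to the existing `'unsafe-eval'`, content assembled at runtime into a Blob becomes loadable as script, so `script-src` keeps little of its injection protection. `worker-src 'self' blob:` on the following line already covers workers started from blob URLs, so presumably the need is something else (a blob URL loaded via `importScripts()` or `import()`, or a browser that falls back from `worker-src` to `script-src`); that should be confirmed and recorded. I would add a comment above the line such as `// blob: required by <feature, fill in>; widens script-src, revisit together with 'unsafe-eval'`, and have the build or a test compare the generated header against an expected allow-list so later additions are deliberate. The `directives` array continues past the end of this hunk.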