security(csp): unsafe-eval削除・connect-src絞り込み

unsafe-evalはAlpine.js不使用のため削除。 connect-srcにapi.open-meteo.comを明示追加（天気API使用）。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(csp): style-src に posimai-ui.vercel.app を追加（base.css ブロック修正）
2026-04-23 00:07:21 +09:00 · 2026-04-21 08:27:40 +09:00
1 changed files with 1 additions and 1 deletions
--- a/vercel.json
+++ b/vercel.json
@ -30,7 +30,7 @@
        },
        {
          "key": "Content-Security-Policy",
-          "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://cdn.jsdelivr.net https://esm.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https://api.soar-enrich.com wss://api.soar-enrich.com https:; worker-src 'self'; frame-ancestors 'none';"
+          "value": "default-src 'self'; script-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net https://esm.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://posimai-ui.vercel.app; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https://api.soar-enrich.com wss://api.soar-enrich.com https://api.open-meteo.com; worker-src 'self'; frame-ancestors 'none';"
        },
        {
          "key": "Strict-Transport-Security",
Author	SHA1	Message	Date
posimai	57ed0d6fbe	security(csp): unsafe-eval削除・connect-src絞り込み unsafe-evalはAlpine.js不使用のため削除。 connect-srcにapi.open-meteo.comを明示追加（天気API使用）。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-23 00:07:21 +09:00
posimai	f1a6785eb0	fix(csp): style-src に posimai-ui.vercel.app を追加（base.css ブロック修正） Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-21 08:27:40 +09:00