Problem
A CSP constant is defined in api.ts for the viewer, but the actual viewer server in viewer/server.ts serves HTML without CSP headers.
Locations
src/triggers/api.ts:18-19 — defines CSPsrc/viewer/server.ts:423-424 — serves HTML without CSP
Suggested Fix
Add CSP headers to the viewer server's HTML response.
Problem
A CSP constant is defined in
api.tsfor the viewer, but the actual viewer server inviewer/server.tsserves HTML without CSP headers.Locations
src/triggers/api.ts:18-19— defines CSPsrc/viewer/server.ts:423-424— serves HTML without CSPSuggested Fix
Add CSP headers to the viewer server's HTML response.