refactor: serve site manifest via /assets/site-manifest.json endpoint (#37405)

Slightly reduces the page size for every request, and removes the need to use `href="data:`

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Copilot
2026-04-24 13:00:59 +00:00
committed by GitHub
parent 6826321570
commit c5c9713ed4
9 changed files with 64 additions and 117 deletions


@@ -205,7 +205,6 @@ func Contexter() func(next http.Handler) http.Handler {
ctx.Data["DisableStars"] = setting.Repository.DisableStars
ctx.Data["EnableActions"] = setting.Actions.Enabled && !unit.TypeActions.UnitGlobalDisabled()
ctx.Data["ManifestData"] = setting.ManifestData
ctx.Data["AllLangs"] = translation.AllLangs()
next.ServeHTTP(ctx.Resp, ctx.Req)


@@ -148,8 +148,7 @@ func (c TemplateContext) HeadMetaContentSecurityPolicy() template.HTML {
// * Maybe this approach should be avoided, don't make the config system too complex, just let users use A
return template.HTML(`<meta http-equiv="Content-Security-Policy" content="` +
// allow all by default (the same as old releases with no CSP)
// "data:" is used to load the manifest in head (maybe also need to be refactored in the future)
// maybe some images are also loaded by "data:", need to investigate
// maybe some images or markup (external) renders need "data:", need to investigate
`default-src * data:;` +
// enforce nonce for all scripts, disallow inline scripts