chore: add "VITE_CONTENT_SECURITY_POLICY" configure feild to usage switch http or https protocol

@@ -35,3 +35,6 @@ VITE_GLOB_API_URL_PREFIX=/yt
 #configuration
 VITE_GLOB_CONFIGURATION = /thingskit-drawio
 
+# Content Security Policy
+VITE_CONTENT_SECURITY_POLICY = true
+

@@ -43,3 +43,5 @@ VITE_WEB_SOCKET = wss://dev.thingskit.com/api/ws/plugins/telemetry?token=
 #configuration
 VITE_GLOB_CONFIGURATION = http://localhost:3000
 
+# Content Security Policy
+VITE_CONTENT_SECURITY_POLICY = true

@@ -10,7 +10,7 @@ import pkg from '../../../package.json';
 import { GLOB_CONFIG_FILE_NAME } from '../../constant';
 
 export function configHtmlPlugin(env: ViteEnv, isBuild: boolean) {
-  const { VITE_GLOB_APP_TITLE, VITE_PUBLIC_PATH } = env;
+  const { VITE_GLOB_APP_TITLE, VITE_PUBLIC_PATH, VITE_CONTENT_SECURITY_POLICY } = env;
 
   const path = VITE_PUBLIC_PATH.endsWith('/') ? VITE_PUBLIC_PATH : `${VITE_PUBLIC_PATH}/`;
 
@@ -24,6 +24,9 @@ export function configHtmlPlugin(env: ViteEnv, isBuild: boolean) {
       // Inject data into ejs template
       injectData: {
         title: VITE_GLOB_APP_TITLE,
+        contentSecurityPolicy: VITE_CONTENT_SECURITY_POLICY
+          ? `<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />`
+          : '',
       },
       // Embed the generated app.config.js file
       tags: isBuild

 <!DOCTYPE html>
 <html lang="en" id="htmlRoot">
   <head>
-    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
+    <%- contentSecurityPolicy %>
     <meta charset="UTF-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
     <meta name="renderer" content="webkit" />

@@ -71,6 +71,7 @@ declare global {
     VITE_LEGACY: boolean;
     VITE_USE_IMAGEMIN: boolean;
     VITE_GENERATE_UI: string;
+    VITE_CONTENT_SECURITY_POLICY: boolean;
   }
 
   declare function parseInt(s: string | number, radix?: number): number;