fix(privacy): generate invite QR locally instead of api.qrserver.com (H5)
The Share Room QR was fetched from the third-party api.qrserver.com, leaking which rooms a user shares (and failing offline / under strict CSP). Now rendered locally via qrcode.react (QRCodeSVG) — no network request, works offline. Added a white quiet-zone container so the code scans on any theme; dropped the qrError fallback (local generation can't fail the same way). Removed api.qrserver.com from the prod CSP img-src (matrix repo). Build verified (rolldown interop OK). Verification steps added to LOTUS_TESTING. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -82,6 +82,7 @@
|
||||
"millify": "6.1.0",
|
||||
"pdfjs-dist": "5.7.284",
|
||||
"prismjs": "1.30.0",
|
||||
"qrcode.react": "4.2.0",
|
||||
"react": "19.2.6",
|
||||
"react-aria": "3.48.0",
|
||||
"react-blurhash": "0.3.0",
|
||||
|
||||
Reference in New Issue
Block a user