Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: Electron Content Security Policy removed #62

Open
4 of 6 tasks
BeierKevin opened this issue Dec 11, 2022 · 1 comment
Open
4 of 6 tasks

Bug: Electron Content Security Policy removed #62

BeierKevin opened this issue Dec 11, 2022 · 1 comment

Comments

@BeierKevin
Copy link
Contributor

BeierKevin commented Dec 11, 2022

Issue description

Describe your issue in detail here

Currently, we removed the content security policy meta tag from the index.html file, need to fix this in the future.

image.png

https://www.electronjs.org/docs/latest/tutorial/security

Definition Of Ready (DoR)

This issue can be worked on if

  • a developer is assigned
  • the issue is labeled
  • the issue is assigned to the current sprint
  • the issue is estimated
  • a meaningful title has been set
  • the issue is described in detail
@Claiyc Claiyc changed the title Bug: Electron Conten Security Policy removed Bug: Electron Content Security Policy removed Dec 11, 2022
@Claiyc Claiyc moved this to 🆕 New in Project VIGAD Apr 6, 2023
@BeierKevin
Copy link
Contributor Author

I have looked at it a bit, and was able to add a few CSP rules which you can see in the following:

When this is added to the application everthing still wroks like previously as of my testing, but it still uses 'unsafe-inline' 'unsafe-eval', maybe there is a way to get these still out but as of my research it is generally not wrong to have these in if otherwise your application doesn't work so we have to properly deal with in some sort of way.

@Claiyc Claiyc moved this from Not Ready to Ready in Project VIGAD May 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Ready
Development

No branches or pull requests

2 participants