only apply the CSP to the frames and not the scripts

altair-graphql · Aug 16, 2023 · 29c1293 · 29c1293
1 parent 389f9ab
commit 29c1293
Showing 1 changed file with 30 additions and 20 deletions.
diff --git a/packages/altair-electron/src/app/window.ts b/packages/altair-electron/src/app/window.ts
@@ -195,26 +195,36 @@ export class WindowManager {
  }
 
  session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
- // console.log('received headers..', details.responseHeaders);
- const scriptSrc = [
- `'self'`,
- `'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc='`,
- `'${createSha256CspHash(renderInitialOptions())}'`,
- `https://cdn.jsdelivr.net`,
- `https://apis.google.com`,
- `localhost:*`,
- `file:`,
- ];
- callback({
- responseHeaders: Object.assign({}, details.responseHeaders, {
- // Setting CSP
- // TODO: Figure out why an error from this breaks devtools
- 'Content-Security-Policy': [
- `script-src ${scriptSrc.join(' ')}; object-src 'self';`,
- // `script-src 'self' 'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc=' '${createSha256CspHash(renderInitialOptions())}' https://cdn.jsdelivr.net localhost:*; object-src 'self';`
- ],
- }),
- });
+ if (
+ details.resourceType === 'mainFrame' ||
+ details.resourceType === 'subFrame'
+ ) {
+ // console.log('received headers..', details.responseHeaders);
+
+ // Set the CSP
+ const scriptSrc = [
+ `'self'`,
+ `'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc='`,
+ `'${createSha256CspHash(renderInitialOptions())}'`,
+ `https://cdn.jsdelivr.net`,
+ `https://apis.google.com`,
+ `localhost:*`,
+ `file:`,
+ ];
+
+ return callback({
+ responseHeaders: Object.assign({}, details.responseHeaders, {
+ // Setting CSP
+ // TODO: Figure out why an error from this breaks devtools
+ 'Content-Security-Policy': [
+ `script-src ${scriptSrc.join(' ')}; object-src 'self';`,
+ // `script-src 'self' 'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc=' '${createSha256CspHash(renderInitialOptions())}' https://cdn.jsdelivr.net localhost:*; object-src 'self';`
+ ],
+ }),
+ });
+ }
+
+ callback({ responseHeaders: details.responseHeaders });
  });
 
  ipcMain.on(IPC_EVENT_NAMES.RENDERER_RESTART_APP, () => {