From 29c129342e52f4ead63eb57dcd6b9cc6817b170e Mon Sep 17 00:00:00 2001
From: Samuel Imolorhe
Date: Wed, 16 Aug 2023 22:55:04 +0200
Subject: [PATCH] only apply the CSP to the frames and not the scripts
---
packages/altair-electron/src/app/window.ts | 50 +++++++++++++---------
1 file changed, 30 insertions(+), 20 deletions(-)
diff --git a/packages/altair-electron/src/app/window.ts b/packages/altair-electron/src/app/window.ts
index 038ff5f45e..a270b396f3 100644
--- a/packages/altair-electron/src/app/window.ts
+++ b/packages/altair-electron/src/app/window.ts
@@ -195,26 +195,36 @@ export class WindowManager {
 }
 session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
- // console.log('received headers..', details.responseHeaders);
- const scriptSrc = [
- `'self'`,
- `'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc='`,
- `'${createSha256CspHash(renderInitialOptions())}'`,
- `https://cdn.jsdelivr.net`,
- `https://apis.google.com`,
- `localhost:*`,
- `file:`,
- ];
- callback({
- responseHeaders: Object.assign({}, details.responseHeaders, {
- // Setting CSP
- // TODO: Figure out why an error from this breaks devtools
- 'Content-Security-Policy': [
- `script-src ${scriptSrc.join(' ')}; object-src 'self';`,
- // `script-src 'self' 'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc=' '${createSha256CspHash(renderInitialOptions())}' https://cdn.jsdelivr.net localhost:*; object-src 'self';`
- ],
- }),
- });
+ if (
+ details.resourceType === 'mainFrame' ||
+ details.resourceType === 'subFrame'
+ ) {
+ // console.log('received headers..', details.responseHeaders);
+
+ // Set the CSP
+ const scriptSrc = [
+ `'self'`,
+ `'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc='`,
+ `'${createSha256CspHash(renderInitialOptions())}'`,
+ `https://cdn.jsdelivr.net`,
+ `https://apis.google.com`,
+ `localhost:*`,
+ `file:`,
+ ];
+
+ return callback({
+ responseHeaders: Object.assign({}, details.responseHeaders, {
+ // Setting CSP
+ // TODO: Figure out why an error from this breaks devtools
+ 'Content-Security-Policy': [
+ `script-src ${scriptSrc.join(' ')}; object-src 'self';`,
+ // `script-src 'self' 'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc=' '${createSha256CspHash(renderInitialOptions())}' https://cdn.jsdelivr.net localhost:*; object-src 'self';`
+ ],
+ }),
+ });
+ }
+
+ callback({ responseHeaders: details.responseHeaders });
 });
 ipcMain.on(IPC_EVENT_NAMES.RENDERER_RESTART_APP, () => {
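Review bot: The `scriptSrc` list carried into the new `mainFrame`/`subFrame` branch still allows whole hosts and schemes (`https://cdn.jsdelivr.net`, `localhost:*`, `file:`), so the policy frames receive is much looser than the two hashes suggest. jsDelivr serves arbitrary npm and GitHub content, so that entry admits any script published there; narrowing it to what the app actually loads, e.g. `https://cdn.jsdelivr.net/npm/<package>@<version>/` (placeholder), or replacing it with hashes would tighten this. The policy also sets only `script-src` and `object-src`, so adding `base-uri 'self'` is worth considering. Separately, non-frame responses now pass through unchanged; if the renderer starts workers, confirm they still end up under a policy, since a worker script's own response headers can determine its CSP. The enclosing `WindowManager` method starts and ends outside the hunk.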