From 898d6b271bd22f21471172336f36b5b0e2463a76 Mon Sep 17 00:00:00 2001 From: Blake Byrnes Date: Fri, 25 Oct 2024 17:08:44 -0400 Subject: [PATCH] fix(agent): make ws callbacks no-cors --- agent/main/lib/WebsocketSession.ts | 7 +++++-- timetravel/lib/MirrorNetwork.ts | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/agent/main/lib/WebsocketSession.ts b/agent/main/lib/WebsocketSession.ts index b9a28b2d8..c1deae2bb 100644 --- a/agent/main/lib/WebsocketSession.ts +++ b/agent/main/lib/WebsocketSession.ts @@ -167,8 +167,11 @@ function injectedScript(): void { const url = `${this.host}:${this.port}?secret=${this.secret}&clientId=${clientId}`; // This will signal to network manager we are trying to make websocket connection // This is needed later to map clientId to frameId - // eslint-disable-next-line no-console - fetch(`http://${url}`).catch(error => console.log(error)); + fetch(`http://${url}`, { + mode: 'no-cors', + }) + // eslint-disable-next-line no-console + .catch(error => console.log(error)); let callback: WebsocketCallback; try { const socket = new WebSocket(`ws://${url}`); diff --git a/timetravel/lib/MirrorNetwork.ts b/timetravel/lib/MirrorNetwork.ts index e46b9b421..d2001c7cf 100644 --- a/timetravel/lib/MirrorNetwork.ts +++ b/timetravel/lib/MirrorNetwork.ts @@ -67,7 +67,8 @@ export default class MirrorNetwork { responseCode: 200, responseHeaders: [ { name: 'Content-Type', value: 'text/html; charset=utf-8' }, - { name: 'Content-Security-Policy', value: "script-src 'nonce-hero-timetravel'" }, + { name: 'Content-Security-Policy', value: "script-src 'nonce-hero-timetravel'; connect-src 'self' ws://websocket.localhost:* http://websocket.localhost:*" }, + { name: 'Access-Control-Allow-Origin', value: '*' }, ], body: Buffer.from(`${doctype}`).toString('base64'), };