extern/bruno
1
0
Fork 1
mirror of https://github.com/usebruno/bruno.git synced 2024-11-22 07:53:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(#222): harden content security policy and allow loading inline images

Browse Source
This commit is contained in:
Jonathan Gruber 2023-10-09 15:37:34 +02:00
parent 5db50339e0
commit 0668331822
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
packages/bruno-electron/src/index.js
View File

@ -13,12 +13,16 @@ const { loadWindowState, saveWindowState } = require('./utils/window');
const lastOpenedCollections = new LastOpenedCollections();
setContentSecurityPolicy(`
default-src * 'unsafe-inline' 'unsafe-eval';
script-src * 'unsafe-inline' 'unsafe-eval';
connect-src * 'unsafe-inline';
form-action 'none';
`);
const contentSecurityPolicy = [
isDev ? "default-src 'self' 'unsafe-inline' 'unsafe-eval'" : "default-src 'self'",
"connect-src 'self' https://api.github.com/repos/usebruno/bruno",
"font-src 'self' https://fonts.gstatic.com",
"form-action 'none'",
"img-src 'self' blob: data:",
"style-src 'self' https://fonts.googleapis.com"
];
setContentSecurityPolicy(contentSecurityPolicy.join(';'));
const menu = Menu.buildFromTemplate(menuTemplate);
Menu.setApplicationMenu(menu);