mirror of
https://github.com/usebruno/bruno.git
synced 2024-11-26 01:44:05 +01:00
fix(#222): harden content security policy and allow loading inline images
This commit is contained in:
parent
5db50339e0
commit
0668331822
@ -13,12 +13,16 @@ const { loadWindowState, saveWindowState } = require('./utils/window');
|
|||||||
|
|
||||||
const lastOpenedCollections = new LastOpenedCollections();
|
const lastOpenedCollections = new LastOpenedCollections();
|
||||||
|
|
||||||
setContentSecurityPolicy(`
|
const contentSecurityPolicy = [
|
||||||
default-src * 'unsafe-inline' 'unsafe-eval';
|
isDev ? "default-src 'self' 'unsafe-inline' 'unsafe-eval'" : "default-src 'self'",
|
||||||
script-src * 'unsafe-inline' 'unsafe-eval';
|
"connect-src 'self' https://api.github.com/repos/usebruno/bruno",
|
||||||
connect-src * 'unsafe-inline';
|
"font-src 'self' https://fonts.gstatic.com",
|
||||||
form-action 'none';
|
"form-action 'none'",
|
||||||
`);
|
"img-src 'self' blob: data:",
|
||||||
|
"style-src 'self' https://fonts.googleapis.com"
|
||||||
|
];
|
||||||
|
|
||||||
|
setContentSecurityPolicy(contentSecurityPolicy.join(';'));
|
||||||
|
|
||||||
const menu = Menu.buildFromTemplate(menuTemplate);
|
const menu = Menu.buildFromTemplate(menuTemplate);
|
||||||
Menu.setApplicationMenu(menu);
|
Menu.setApplicationMenu(menu);
|
||||||
|
Loading…
Reference in New Issue
Block a user