fix: Fix Content-Security-Policy config

This commit is contained in:
Its-treason 2023-11-06 17:13:24 +01:00
parent 8fb8eee5ef
commit 5be12543e5

View File

@ -14,16 +14,18 @@ const { loadWindowState, saveBounds, saveMaximized } = require('./utils/window')
const lastOpenedCollections = new LastOpenedCollections(); const lastOpenedCollections = new LastOpenedCollections();
// Reference: https://content-security-policy.com/
const contentSecurityPolicy = [ const contentSecurityPolicy = [
isDev ? "default-src 'self' 'unsafe-inline' 'unsafe-eval'" : "default-src 'self'", "default-src 'self'",
"connect-src 'self' https://api.github.com/repos/usebruno/bruno", "script-src * 'unsafe-inline' 'unsafe-eval'",
"font-src 'self' https://fonts.gstatic.com", "connect-src 'self' api.github.com",
"font-src 'self' https:",
"form-action 'none'", "form-action 'none'",
"img-src 'self' blob: data:", "img-src 'self' blob: data: https:",
"style-src 'self' https://fonts.googleapis.com" "style-src 'self' 'unsafe-inline' https:"
]; ];
setContentSecurityPolicy(contentSecurityPolicy.join(';')); setContentSecurityPolicy(contentSecurityPolicy.join(';') + ';');
const menu = Menu.buildFromTemplate(menuTemplate); const menu = Menu.buildFromTemplate(menuTemplate);
Menu.setApplicationMenu(menu); Menu.setApplicationMenu(menu);