holm/bruno
1
0
Fork 0
forked from extern/bruno
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #903 from Its-treason/bugfix/csp

Browse Source 
fix: Fix Content-Security-Policy config
This commit is contained in:
Anoop M D 2023-11-06 22:07:44 +05:30 committed by GitHub
commit 08fbb91667
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
packages/bruno-electron/src/index.js
View File

@ -14,16 +14,18 @@ const { loadWindowState, saveBounds, saveMaximized } = require('./utils/window')
const lastOpenedCollections = new LastOpenedCollections();
// Reference: https://content-security-policy.com/
const contentSecurityPolicy = [
isDev ? "default-src 'self' 'unsafe-inline' 'unsafe-eval'" : "default-src 'self'",
"connect-src 'self' https://api.github.com/repos/usebruno/bruno",
"font-src 'self' https://fonts.gstatic.com",
"default-src 'self'",
"script-src * 'unsafe-inline' 'unsafe-eval'",
"connect-src 'self' api.github.com",
"font-src 'self' https:",
"form-action 'none'",
"img-src 'self' blob: data:",
"style-src 'self' https://fonts.googleapis.com"
"img-src 'self' blob: data: https:",
"style-src 'self' 'unsafe-inline' https:"
];
setContentSecurityPolicy(contentSecurityPolicy.join(';'));
setContentSecurityPolicy(contentSecurityPolicy.join(';') + ';');
const menu = Menu.buildFromTemplate(menuTemplate);
Menu.setApplicationMenu(menu);