RenaiApp/src/main/modules/session/session.ts

import { session } from 'electron';
import { injectable } from 'inversify';
import { isDev } from '../../core/dev';
import { ISession } from './i-session';
import OnHeadersReceivedListenerDetails = Electron.OnHeadersReceivedListenerDetails;

@injectable()
export class Session implements ISession {
  public setHeaders(): void {
    // these headers only work on web requests, file:// protocol is handled via meta tags in the html
    session.defaultSession.webRequest.onHeadersReceived(
      (details: OnHeadersReceivedListenerDetails, callback: (response: {}) => void) => {
        callback({
          responseHeaders: {
            ...details.responseHeaders,
            'Content-Security-Policy': isDev()
              ? [
                  'default-src devtools:;' +
                    "script-src 'unsafe-eval';" +
                    "script-src-elem devtools: 'sha256-hl04hLzKBpmsfWF2wIA/0Vs6ZNV5T9ZNFY//3uXrgSk=';" +
                    "style-src devtools: 'unsafe-inline';" +
                    'connect-src devtools: data:',
                ]
              : ["default-src 'none'"],
          },
        });
      }
    );
  }
}