From 42957dbb162a0b72feb86fbaeb993bcc2f851ec7 Mon Sep 17 00:00:00 2001
From: Jiiks
Date: Tue, 7 Aug 2018 20:17:34 +0300
Subject: [PATCH] add devtool hashes and move them to the top. Pushing to master since it's minor change.
---
 core/src/main.js | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/core/src/main.js b/core/src/main.js
index 23a92132..a7c712ee 100644
--- a/core/src/main.js
+++ b/core/src/main.js
@@ -54,6 +54,14 @@ const globals = {
 paths
 };
 
+const CSP = {
+ 'img-src': ['https://cdn.betterttv.net', 'https://cdn.frankerfacez.com'],
+ 'script-src': [
+ "'sha256-fSHKdpQGCHaIqWP3SpJOuUHrLp49jy4dWHzZ/RBJ/p4='", // React Devtools
+ "'sha256-VFJcfKY5B3EBkFDgQnv3CozPwBlZcxwssfLVWlPFfZU='", // Vue Devtools
+ "'sha256-VzDmLZ4PxPkOS/KY7ITzLQsSWhfCnvUrNculcj8UNgE=' 'sha256-l6K+77Z1cmldR9gIvaVWlboF/zr5MXCQHcsEHfnr5TU='"] // Vue Detector
+};
+
 class PatchedBrowserWindow extends BrowserWindow {
 constructor(originalOptions) {
 const userOptions = PatchedBrowserWindow.userWindowPreferences;
@@ -249,13 +257,11 @@ export class BetterDiscord {
 session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
 for (let [header, values] of Object.entries(details.responseHeaders)) {
 if (!header.match(/^Content-Security-Policy(-Report-Only)?$/i)) continue;
-
 details.responseHeaders[header] = values.map(value => {
 const policy = new ContentSecurityPolicy(value);
-
- // Add hosts that serve emotes (https://static-cdn.jtvnw.net is already in the CSP)
- policy.set('img-src', `${policy.get('img-src') || policy.get('default-src')} https://cdn.betterttv.net https://cdn.frankerfacez.com`);
-
+ for (const [key, value] of Object.entries(CSP)) {
+ policy.add(key, value.join(' '));
+ }
 return policy.toString();
 });
 }
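Review bot: The `script-src` entries in the new `CSP` constant are hash allowances for devtools inline scripts, yet nothing in this hunk limits them to development builds, so they appear to be appended to the page's policy for every user. Consider keeping them in a separate list that is merged only when a debug or development flag is set, leaving `img-src` as the only unconditional addition. Each hash matches the exact bytes of one extension release, so the comments should record what was hashed, for example `// React Devtools <version>: sha256 of its injected inline script`, so a stale entry can be re-verified or removed. The Vue Detector line also packs two hash sources into one string; two array elements would keep one source per entry like the lines above it.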
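Review bot: In the `onHeadersReceived` loop, `policy.add(key, ...)` drops the `default-src` fallback that the removed `policy.set('img-src', ...)` line had. If a received policy has no `img-src` or `script-src` of its own and `add` simply creates the directive (its implementation is not visible here), the new directive would hold only the entries from `CSP` and stop inheriting from `default-src`, which changes what the page may load. Seeding the directive first keeps the old behaviour: `const base = policy.get(key) || policy.get('default-src') || '';` followed by `policy.set(key, [base, ...sources].join(' ').trim());`. The loop variable `value` also shadows the `value` parameter of the enclosing `values.map` callback, so a name such as `sources` would read more safely. The handler starts and ends outside the hunk.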