From b68c1fbd04954dc0f9684bb3eca20ba62912a999 Mon Sep 17 00:00:00 2001
From: Jiiks <jiiks@windowslive.com>
Date: Tue, 5 Mar 2019 21:02:06 +0200
Subject: [PATCH] Move csp and add some sources.

---
 core/src/csp.json | 25 +++++++++++++++++++++++++
 core/src/csp.txt  |  3 +++
 core/src/main.js  |  9 +--------
 3 files changed, 29 insertions(+), 8 deletions(-)
 create mode 100644 core/src/csp.json
 create mode 100644 core/src/csp.txt

diff --git a/core/src/csp.json b/core/src/csp.json
new file mode 100644
index 00000000..60cda831
--- /dev/null
+++ b/core/src/csp.json
@@ -0,0 +1,25 @@
+{
+    "img-src": [
+        "https://cdn.betterttv.net",
+        "https://cdn.frankerfacez.com",
+        "https://i.imgur.com"
+    ],
+    "style-src": [
+        "https://fonts.googleapis.com"
+    ], 
+    "script-src": [
+        "'sha256-fSHKdpQGCHaIqWP3SpJOuUHrLp49jy4dWHzZ/RBJ/p4='",
+        "'sha256-VFJcfKY5B3EBkFDgQnv3CozPwBlZcxwssfLVWlPFfZU='",
+        "'sha256-VzDmLZ4PxPkOS/KY7ITzLQsSWhfCnvUrNculcj8UNgE='",
+        "'sha256-l6K+77Z1cmldR9gIvaVWlboF/zr5MXCQHcsEHfnr5TU='"
+    ],
+    "connect-src": [
+        "https://github.com",
+        "https://api.github.com",
+        "https://betterdiscord.net",
+        "https://api.betterdiscord.net",
+        "https://cdn.betterdiscord.net",
+        "https://api.supersecretbdapiandcdn.net",
+        "https://cdn.supersecretbdapiandcdn.net"
+    ]
+}
diff --git a/core/src/csp.txt b/core/src/csp.txt
new file mode 100644
index 00000000..cac197d7
--- /dev/null
+++ b/core/src/csp.txt
@@ -0,0 +1,3 @@
+React Devtools: sha256-fSHKdpQGCHaIqWP3SpJOuUHrLp49jy4dWHzZ/RBJ/p4=
+Vue Devtools:   sha256-VFJcfKY5B3EBkFDgQnv3CozPwBlZcxwssfLVWlPFfZU=
+Vue Detector:   sha256-l6K+77Z1cmldR9gIvaVWlboF/zr5MXCQHcsEHfnr5TU=
diff --git a/core/src/main.js b/core/src/main.js
index f1e726cc..8a5fa74d 100644
--- a/core/src/main.js
+++ b/core/src/main.js
@@ -54,14 +54,7 @@ const sparkplug = path.resolve(__dirname, 'sparkplug.js');
 
 let configProxy;
 
-const CSP = {
-    'img-src': ['https://cdn.betterttv.net', 'https://cdn.frankerfacez.com'],
-    'script-src': [
-        `'sha256-fSHKdpQGCHaIqWP3SpJOuUHrLp49jy4dWHzZ/RBJ/p4='`, // React Devtools
-        `'sha256-VFJcfKY5B3EBkFDgQnv3CozPwBlZcxwssfLVWlPFfZU='`, // Vue Devtools
-        `'sha256-VzDmLZ4PxPkOS/KY7ITzLQsSWhfCnvUrNculcj8UNgE=' 'sha256-l6K+77Z1cmldR9gIvaVWlboF/zr5MXCQHcsEHfnr5TU='` // Vue Detector
-    ]
-};
+const CSP = TESTS ? require('../src/csp.json') : require('./csp.json');
 
 class Comms {
     constructor(bd) {