Add hosts that serve emotes to the content security policy

2018-07-07 14:26:48 +01:00 · 2018-07-07 14:26:48 +01:00 · e169206821
parent cd77d659a5
commit e169206821
3 changed files with 30 additions and 2 deletions
--- a/core/src/main.js
+++ b/core/src/main.js
@ -10,8 +10,9 @@

 import path from 'path';
 import sass from 'node-sass';
-import { BrowserWindow, dialog } from 'electron';
+import { BrowserWindow, dialog, session } from 'electron';
 import deepmerge from 'deepmerge';
+import ContentSecurityPolicy from 'csp-parse';

 import { FileUtils, BDIpc, Config, WindowUtils, CSSEditor, Database } from './modules';

@ -239,6 +240,29 @@ export class BetterDiscord {
        browser_window_module.exports = PatchedBrowserWindow;
    }

+    /**
+     * Attaches an event handler for HTTP requests to update the Content Security Policy.
+     */
+    static hookSessionRequest() {
+        session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
+            for (let [header, values] of Object.entries(details.responseHeaders)) {
+                if (!header.match(/^Content-Security-Policy(-Report-Only)?$/i)) continue;
+
+                details.responseHeaders[header] = values.map(value => {
+                    const policy = new ContentSecurityPolicy(value);
+
+                    // Add hosts that serve emotes (https://static-cdn.jtvnw.net is already in the CSP)
+                    policy.set('img-src', `${policy.get('img-src') || policy.get('default-src')} https://cdn.betterttv.net https://cdn.frankerfacez.com`);
+
+                    return policy.toString();
+                });
+            }
+
+            callback({ responseHeaders: details.responseHeaders });
+        });
+    }
+
 }

 BetterDiscord.patchBrowserWindow();
+BetterDiscord.hookSessionRequest();
--- a/package-lock.json
+++ b/package-lock.json
@ -2744,6 +2744,9 @@
        "randomfill": "1.0.4"
      }
    },
+    "csp-parse": {
+      "version": "github:macropodhq/csp-parse#db7d5f954b420b527d7fb452a93bb6e2fa302c5a"
+    },
    "css-color-names": {
      "version": "0.0.4",
      "resolved": "https://registry.npmjs.org/css-color-names/-/css-color-names-0.0.4.tgz",
--- a/package.json
+++ b/package.json
@ -5,7 +5,7 @@
  "version": "2.0.0a",
  "homepage": "https://betterdiscord.net",
  "license": "MIT",
-  "main": "./core/index.js",
+  "main": "core/dist/main.js",
  "contributors": [
    "Jiiks",
    "Pohky"
@ -16,6 +16,7 @@
  },
  "private": false,
  "dependencies": {
+    "csp-parse": "github:macropodhq/csp-parse",
    "deepmerge": "^2.1.1",
    "nedb": "^1.8.0",
    "node-sass": "^4.9.0"