lightcordwarez
/
BetterDiscordApp-v2
mirror of https://github.com/JsSucks/BetterDiscordApp
1
0
Fork 0
Code Issues 3 Releases Wiki Activity

Add hosts that serve emotes to the content security policy

This commit is contained in:
Samuel Elliott 2018-07-07 14:26:48 +01:00
parent cd77d659a5
commit e169206821
No known key found for this signature in database
GPG Key ID: 8420C7CDE43DC4D6
3 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
core/src/main.js
View File

@ -10,8 +10,9 @@
import path from 'path'; import path from 'path';
import sass from 'node-sass'; import sass from 'node-sass';
import { BrowserWindow, dialog } from 'electron'; import { BrowserWindow, dialog, session } from 'electron';
import deepmerge from 'deepmerge'; import deepmerge from 'deepmerge';
import ContentSecurityPolicy from 'csp-parse';
import { FileUtils, BDIpc, Config, WindowUtils, CSSEditor, Database } from './modules'; import { FileUtils, BDIpc, Config, WindowUtils, CSSEditor, Database } from './modules';
@ -239,6 +240,29 @@ export class BetterDiscord {
browser_window_module.exports = PatchedBrowserWindow; browser_window_module.exports = PatchedBrowserWindow;
} }
/**
* Attaches an event handler for HTTP requests to update the Content Security Policy.
*/
static hookSessionRequest() {
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
for (let [header, values] of Object.entries(details.responseHeaders)) {
if (!header.match(/^Content-Security-Policy(-Report-Only)?$/i)) continue;
details.responseHeaders[header] = values.map(value => {
const policy = new ContentSecurityPolicy(value);
// Add hosts that serve emotes (https://static-cdn.jtvnw.net is already in the CSP)
policy.set('img-src', `${policy.get('img-src') || policy.get('default-src')} https://cdn.betterttv.net https://cdn.frankerfacez.com`);
return policy.toString();
});
}
callback({ responseHeaders: details.responseHeaders });
});
}
} }
BetterDiscord.patchBrowserWindow(); BetterDiscord.patchBrowserWindow();
BetterDiscord.hookSessionRequest();

3
package-lock.json generated
View File

@ -2744,6 +2744,9 @@
"randomfill": "1.0.4" "randomfill": "1.0.4"
} }
}, },
"csp-parse": {
"version": "github:macropodhq/csp-parse#db7d5f954b420b527d7fb452a93bb6e2fa302c5a"
},
"css-color-names": { "css-color-names": {
"version": "0.0.4", "version": "0.0.4",
"resolved": "https://registry.npmjs.org/css-color-names/-/css-color-names-0.0.4.tgz", "resolved": "https://registry.npmjs.org/css-color-names/-/css-color-names-0.0.4.tgz",

3
package.json
View File

@ -5,7 +5,7 @@
"version": "2.0.0a", "version": "2.0.0a",
"homepage": "https://betterdiscord.net", "homepage": "https://betterdiscord.net",
"license": "MIT", "license": "MIT",
"main": "./core/index.js", "main": "core/dist/main.js",
"contributors": [ "contributors": [
"Jiiks", "Jiiks",
"Pohky" "Pohky"
@ -16,6 +16,7 @@
}, },
"private": false, "private": false,
"dependencies": { "dependencies": {
"csp-parse": "github:macropodhq/csp-parse",
"deepmerge": "^2.1.1", "deepmerge": "^2.1.1",
"nedb": "^1.8.0", "nedb": "^1.8.0",
"node-sass": "^4.9.0" "node-sass": "^4.9.0"