Files
pwap/pezkuwi-sdk-ui/packages/apps-electron/src/electron/contentSecurityPolicy.ts
T
pezkuwichain 1295c36241 Rebrand: polkadot → pezkuwi build fixes
- Fixed TypeScript type assertion issues
- Updated imports from api-augment/substrate to api-augment/bizinikiwi
- Fixed imgConvert.mjs header and imports
- Added @ts-expect-error for runtime-converted types
- Fixed all @polkadot copyright headers to @pezkuwi
2026-01-07 02:32:54 +03:00

30 lines
1.2 KiB
TypeScript

// Copyright 2017-2025 @pezkuwi/apps authors & contributors
// SPDX-License-Identifier: Apache-2.0
import type { HeadersReceivedResponse } from 'electron';
import { session } from 'electron';
export function setupContentSecurityPolicy (_: string): void {
session.defaultSession.webRequest.onHeadersReceived((details, respond: (response: HeadersReceivedResponse) => void) => {
respond({
responseHeaders: {
...details.responseHeaders,
'Content-Security-Policy': [
"default-src 'self';" +
" style-src-elem 'self' https://fonts.googleapis.com/css 'unsafe-inline';" +
" font-src data: 'self' https://fonts.gstatic.com;" +
" style-src 'unsafe-inline';" +
" connect-src 'self' wss: ws:;" +
" img-src 'self' data:;" +
// react-qr-reader uses an embedded blob
" worker-src 'self' blob: filesystem:;" +
// unsafe-eval is needed for the WASM content - same as the extension
// script hashes here are for the window.top script (not technically needed)
" script-src 'self' 'unsafe-eval' 'sha256-02/ejyoV/iwRdJ4NAsxjzF6WVUtLMPM6Nv96EbAm6u8=' 'sha256-wW/WsLudCDaPo/ibpeK0KslHqYpCzcAKNFxFBXwCHJg='"
]
}
});
});
}