mirror of
https://github.com/pezkuwichain/pwap.git
synced 2026-07-12 21:35:51 +00:00
1295c36241
- Fixed TypeScript type assertion issues - Updated imports from api-augment/substrate to api-augment/bizinikiwi - Fixed imgConvert.mjs header and imports - Added @ts-expect-error for runtime-converted types - Fixed all @polkadot copyright headers to @pezkuwi
30 lines
1.2 KiB
TypeScript
30 lines
1.2 KiB
TypeScript
// Copyright 2017-2025 @pezkuwi/apps authors & contributors
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
import type { HeadersReceivedResponse } from 'electron';
|
|
|
|
import { session } from 'electron';
|
|
|
|
export function setupContentSecurityPolicy (_: string): void {
|
|
session.defaultSession.webRequest.onHeadersReceived((details, respond: (response: HeadersReceivedResponse) => void) => {
|
|
respond({
|
|
responseHeaders: {
|
|
...details.responseHeaders,
|
|
'Content-Security-Policy': [
|
|
"default-src 'self';" +
|
|
" style-src-elem 'self' https://fonts.googleapis.com/css 'unsafe-inline';" +
|
|
" font-src data: 'self' https://fonts.gstatic.com;" +
|
|
" style-src 'unsafe-inline';" +
|
|
" connect-src 'self' wss: ws:;" +
|
|
" img-src 'self' data:;" +
|
|
// react-qr-reader uses an embedded blob
|
|
" worker-src 'self' blob: filesystem:;" +
|
|
// unsafe-eval is needed for the WASM content - same as the extension
|
|
// script hashes here are for the window.top script (not technically needed)
|
|
" script-src 'self' 'unsafe-eval' 'sha256-02/ejyoV/iwRdJ4NAsxjzF6WVUtLMPM6Nv96EbAm6u8=' 'sha256-wW/WsLudCDaPo/ibpeK0KslHqYpCzcAKNFxFBXwCHJg='"
|
|
]
|
|
}
|
|
});
|
|
});
|
|
}
|