blahai/haicord
1
0
Fork 0
Code Issues Pull requests Releases Activity

export CspPolicies map so plugins can whitelist themselves

Browse source
This commit is contained in:
Vendicated 2025-01-24 03:33:29 +01:00
parent 11143adb02
commit 0336ea1cb2
No known key found for this signature in database
GPG key ID: D66986BAF75ECF18
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/main/csp.ts
View file

@ -13,7 +13,7 @@ const CssSrc = ["style-src", "font-src"];
const MediaAndCssSrc = [...MediaSrc, ...CssSrc]; const MediaAndCssSrc = [...MediaSrc, ...CssSrc];
const MediaScriptsAndCssSrc = [...MediaAndCssSrc, "script-src", "worker-src"]; const MediaScriptsAndCssSrc = [...MediaAndCssSrc, "script-src", "worker-src"];
const Policies: PolicyMap = { export const CspPolicies: PolicyMap = {
"*.github.io": MediaAndCssSrc, // github pages, used by most themes "*.github.io": MediaAndCssSrc, // github pages, used by most themes
"raw.githubusercontent.com": MediaAndCssSrc, // github raw, used by some themes "raw.githubusercontent.com": MediaAndCssSrc, // github raw, used by some themes
"*.gitlab.io": MediaAndCssSrc, // gitlab pages, used by some themes "*.gitlab.io": MediaAndCssSrc, // gitlab pages, used by some themes
@ -92,7 +92,7 @@ const patchCsp = (headers: Record<string, string[]>) => {
pushDirective("script-src", "'unsafe-inline'", "'unsafe-eval'"); pushDirective("script-src", "'unsafe-inline'", "'unsafe-eval'");
for (const [host, directives] of Object.entries(Policies)) { for (const [host, directives] of Object.entries(CspPolicies)) {
for (const directive of directives) { for (const directive of directives) {
pushDirective(directive, host); pushDirective(directive, host);
} }