blahai/haicord
1
0
Fork 0
Code Issues Pull requests Releases Activity

whitelist plugin specific domains

Browse source
This commit is contained in:
Vendicated 2025-01-24 03:32:15 +01:00
parent 6166a1c115
commit 11143adb02
No known key found for this signature in database
GPG key ID: D66986BAF75ECF18
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/main/csp.ts
View file

@ -32,12 +32,20 @@ const Policies: PolicyMap = {
"cdn.discordapp.com": MediaAndCssSrc, // Discord CDN, used by Vencord and some themes to load media "cdn.discordapp.com": MediaAndCssSrc, // Discord CDN, used by Vencord and some themes to load media
"media.discordapp.net": MediaSrc, // Discord media CDN, possible alternative to Discord CDN "media.discordapp.net": MediaSrc, // Discord media CDN, possible alternative to Discord CDN
"*.vencord.dev": MediaSrc, // used for VenCloud (api.vencord.dev) and badges (badges.vencord.dev)
// CDNs used for some things by Vencord. // CDNs used for some things by Vencord.
// FIXME: we really should not be using CDNs anymore // FIXME: we really should not be using CDNs anymore
"cdnjs.cloudflare.com": MediaScriptsAndCssSrc, "cdnjs.cloudflare.com": MediaScriptsAndCssSrc,
"unpkg.com": MediaScriptsAndCssSrc, "unpkg.com": MediaScriptsAndCssSrc,
// Function Specific
"api.github.com": ["connect-src"], // used for updating Vencord itself
"ws.audioscrobbler.com": ["connect-src"], // last.fm API
"translate.googleapis.com": ["connect-src"], // Google Translate API
"*.vencord.dev": MediaSrc, // VenCloud (api.vencord.dev) and Badges (badges.vencord.dev)
"manti.vendicated.dev": MediaSrc, // ReviewDB API
"decor.fieryflames.dev": MediaSrc, // Decor API
"sponsor.ajay.app": MediaSrc, // Dearrow API
"usrbg.is-hardly.online": MediaSrc, // USRBG API
}; };
const findHeader = (headers: PolicyMap, headerName: Lowercase<string>) => { const findHeader = (headers: PolicyMap, headerName: Lowercase<string>) => {