Skip to content

F
frontend
Commit 3190ad7e authored by tom's avatar tom
Browse files
Options

add network assets to csp

parent 1b89cb7e
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 0 deletions
lib/csp/getCspPolicy.ts
View file @ 3190ad7e
import isDev from 'lib/isDev'; import isDev from 'lib/isDev';
import { NETWORKS } from 'lib/networks';
enum KEY_WORDS { enum KEY_WORDS {
BLOB = 'blob:', BLOB = 'blob:',
...@@ -13,7 +14,17 @@ enum KEY_WORDS { ...@@ -13,7 +14,17 @@ enum KEY_WORDS {
const MAIN_DOMAINS = [ '*.blockscout.com', 'blockscout.com' ]; const MAIN_DOMAINS = [ '*.blockscout.com', 'blockscout.com' ];
function getNetworksExternalAssets() {
const icons = NETWORKS
.filter(({ icon }) => typeof icon === 'string')
.map(({ icon }) => new URL(icon as string));
return icons;
}
function makePolicyMap() { function makePolicyMap() {
const networkExternalAssets = getNetworksExternalAssets();
return { return {
'default-src': [ 'default-src': [
KEY_WORDS.NONE, KEY_WORDS.NONE,
...@@ -65,6 +76,9 @@ function makePolicyMap() { ...@@ -65,6 +76,9 @@ function makePolicyMap() {
// github avatars // github avatars
'avatars.githubusercontent.com', 'avatars.githubusercontent.com',
// network assets
...networkExternalAssets.map((url) => url.host),
], ],
'font-src': [ 'font-src': [
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment