Commit 806d2120 authored by tom's avatar tom

fix csp issues from sentry

parent 43fdf196
import _unique from 'lodash/uniq';
import appConfig from 'configs/app/config'; import appConfig from 'configs/app/config';
import featuredNetworks from 'lib/networks/featuredNetworks'; import featuredNetworks from 'lib/networks/featuredNetworks';
...@@ -33,7 +35,7 @@ function getMarketplaceAppsOrigins() { ...@@ -33,7 +35,7 @@ function getMarketplaceAppsOrigins() {
} }
function getMarketplaceAppsLogosOrigins() { function getMarketplaceAppsLogosOrigins() {
return getMarketplaceApps().map(({ logo }) => logo); return getMarketplaceApps().map(({ logo }) => new URL(logo));
} }
function makePolicyMap() { function makePolicyMap() {
...@@ -91,11 +93,17 @@ function makePolicyMap() { ...@@ -91,11 +93,17 @@ function makePolicyMap() {
// github avatars // github avatars
'avatars.githubusercontent.com', 'avatars.githubusercontent.com',
// other github assets (e.g trustwallet token icons)
'raw.githubusercontent.com',
// auth0 assets
's.gravatar.com',
// network assets // network assets
...networkExternalAssets.map((url) => url.host), ...networkExternalAssets.map((url) => url.host),
// marketplace apps logos // marketplace apps logos
...getMarketplaceAppsLogosOrigins(), ...getMarketplaceAppsLogosOrigins().map((url) => url.host),
], ],
'font-src': [ 'font-src': [
...@@ -133,7 +141,8 @@ function getCspPolicy() { ...@@ -133,7 +141,8 @@ function getCspPolicy() {
return; return;
} }
return [ key, value.join(' ') ].join(' '); const uniqueValues = _unique(value);
return [ key, uniqueValues.join(' ') ].join(' ');
}) })
.filter(Boolean) .filter(Boolean)
.join(';'); .join(';');
......
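Review bot: `new URL(logo)` in getMarketplaceAppsLogosOrigins throws a TypeError when a marketplace entry's `logo` is missing, empty or not an absolute URL, and nothing in the visible lines catches it. A single malformed entry would therefore abort makePolicyMap and the whole CSP string; whether the response then goes out without a policy cannot be seen from this page. I would skip unparsable values inside the helper with a small try/catch around the constructor and add a comment such as `// logos come from marketplace config; skip values that are not absolute URLs so the CSP still builds`. Separately, `'raw.githubusercontent.com'` in the directive just before `'font-src'` (presumably img-src) allows content from any repository on that host, not only the token icons the comment mentions. If those icons live under one path, a path-scoped source would be narrower, keeping in mind that CSP drops the path check after a redirect.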