Skip to content

F
frontend
Commit ccc01ede authored by Max Alekseenko's avatar Max Alekseenko
Browse files
Options

move csp for marketplace to separate file

parent 3d6ae520
Show whitespace changes
Inline Side-by-side
Showing with 24 additions and 6 deletions
nextjs/csp/generateCspPolicy.ts
View file @ ccc01ede
...@@ -10,6 +10,7 @@ function generateCspPolicy() { ...@@ -10,6 +10,7 @@ function generateCspPolicy() {
descriptors.googleFonts(), descriptors.googleFonts(),
descriptors.googleReCaptcha(), descriptors.googleReCaptcha(),
descriptors.growthBook(), descriptors.growthBook(),
descriptors.marketplace(),
descriptors.mixpanel(), descriptors.mixpanel(),
descriptors.monaco(), descriptors.monaco(),
descriptors.safe(), descriptors.safe(),
......
nextjs/csp/policies/app.ts
View file @ ccc01ede
...@@ -31,8 +31,6 @@ const getCspReportUrl = () => { ...@@ -31,8 +31,6 @@ const getCspReportUrl = () => {
}; };
export function app(): CspDev.DirectiveDescriptor { export function app(): CspDev.DirectiveDescriptor {
const marketplaceFeaturePayload = getFeaturePayload(config.features.marketplace);
return { return {
'default-src': [ 'default-src': [
// KEY_WORDS.NONE, // KEY_WORDS.NONE,
...@@ -57,7 +55,6 @@ export function app(): CspDev.DirectiveDescriptor { ...@@ -57,7 +55,6 @@ export function app(): CspDev.DirectiveDescriptor {
getFeaturePayload(config.features.addressVerification)?.api.endpoint, getFeaturePayload(config.features.addressVerification)?.api.endpoint,
getFeaturePayload(config.features.nameService)?.api.endpoint, getFeaturePayload(config.features.nameService)?.api.endpoint,
getFeaturePayload(config.features.addressMetadata)?.api.endpoint, getFeaturePayload(config.features.addressMetadata)?.api.endpoint,
marketplaceFeaturePayload && 'api' in marketplaceFeaturePayload ? marketplaceFeaturePayload.api.endpoint : '',
// chain RPC server // chain RPC server
config.chain.rpcUrl, config.chain.rpcUrl,
...@@ -65,9 +62,6 @@ export function app(): CspDev.DirectiveDescriptor { ...@@ -65,9 +62,6 @@ export function app(): CspDev.DirectiveDescriptor {
// github (spec for api-docs page) // github (spec for api-docs page)
'raw.githubusercontent.com', 'raw.githubusercontent.com',
// airtable (for dapps ratings)
'api.airtable.com',
].filter(Boolean), ].filter(Boolean),
'script-src': [ 'script-src': [
......
nextjs/csp/policies/index.ts
View file @ ccc01ede
...@@ -5,6 +5,7 @@ export { googleAnalytics } from './googleAnalytics'; ...@@ -5,6 +5,7 @@ export { googleAnalytics } from './googleAnalytics';
export { googleFonts } from './googleFonts'; export { googleFonts } from './googleFonts';
export { googleReCaptcha } from './googleReCaptcha'; export { googleReCaptcha } from './googleReCaptcha';
export { growthBook } from './growthBook'; export { growthBook } from './growthBook';
export { marketplace } from './marketplace';
export { mixpanel } from './mixpanel'; export { mixpanel } from './mixpanel';
export { monaco } from './monaco'; export { monaco } from './monaco';
export { safe } from './safe'; export { safe } from './safe';
......
nextjs/csp/policies/marketplace.ts 0 → 100644
View file @ ccc01ede
import type CspDev from 'csp-dev';
import config from 'configs/app';
const feature = config.features.marketplace;
export function marketplace(): CspDev.DirectiveDescriptor {
if (!feature.isEnabled) {
return {};
}
return {
'connect-src': [
'api' in feature ? feature.api.endpoint : '',
feature.rating ? 'https://api.airtable.com' : '',
],
'frame-src': [
'*',
],
};
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment