feat: add content security policy, closes #141
kyranjamie committed Sep 25, 2020
1 parent a58d68b commit ec7e492
Showing 5 changed files with 55 additions and 27 deletions.
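--- a/app/app-dev.html
+++ b/app/app-dev.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8" />
+<title>Stacks Wallet</title>
+</head>
+
+<body>
+<div class="draggable-bar"></div>
+<div id="root"></div>
+<script>
+if (typeof process === 'object') {
+const scripts = [];
+
+if (process.env.NODE_ENV === 'development') {
+// Dynamically insert the DLL script in development env in the
+// renderer process
+scripts.push('../dll/renderer.dev.dll.js');
+}
+if (process.env.START_HOT) {
+// Dynamically insert the bundled app script in the renderer process
+const port = process.env.PORT || 1212;
+scripts.push(`http://localhost:${port}/dist/renderer.dev.js`);
+} else {
+scripts.push('./dist/renderer.prod.js');
+}
+
+if (scripts.length) {
+document.write(
+scripts.map(script => `<script defer src="${script}"><\/script>`).join('')
+);
+}
+}
+</script>
+</body>
+</html>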
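Review bot: No Content-Security-Policy is set on this development page, while the same commit adds one to app.html and silences Electron's security warnings in main.dev.ts, so a script or connection that the production policy would block goes unnoticed until a production build. Consider giving app-dev.html a relaxed policy that mirrors the production directives (allowing the localhost dev-server origin and the inline loader), or at least record the gap with a comment such as `<!-- Development only: no CSP here; app.html is the page that ships -->`. The inline loader also interpolates `process.env.PORT` into a script URL handed to `document.write`; checking that the value is an integer port before use would keep the environment from shaping the markup.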
30 changes: 6 additions & 24 deletions app/app.html
@@ -3,33 +3,15 @@
<head>
<meta charset="utf-8" />
<title>Stacks Wallet</title>
<meta
http-equiv="Content-Security-Policy"
content="default-src 'none'; font-src 'self'; img-src data:; style-src 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'nonce-6ca3c3e1fcd34bbc8cfaeceaa8106e36'; connect-src *;"
/>
</head>

<body>
<div class="draggable-bar"></div>
<div id="root"></div>
<script>
if (typeof process === 'object') {
const scripts = [];

if (process.env.NODE_ENV === 'development') {
// Dynamically insert the DLL script in development env in the
// renderer process
scripts.push('../dll/renderer.dev.dll.js');
}
if (process.env.START_HOT) {
// Dynamically insert the bundled app script in the renderer process
const port = process.env.PORT || 1212;
scripts.push(`http://localhost:${port}/dist/renderer.dev.js`);
} else {
scripts.push('./dist/renderer.prod.js');
}

if (scripts.length) {
document.write(
scripts.map(script => `<script defer src="${script}"><\/script>`).join('')
);
}
}
</script>
<script src="./dist/renderer.prod.js" nonce="6ca3c3e1fcd34bbc8cfaeceaa8106e36"></script>
</body>
</html>
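Review bot: The nonce in `script-src` is a fixed value committed with the page, and a nonce only adds protection when it is unpredictable and regenerated per load; as written, any injected `<script>` element carrying that published value satisfies the policy. The only script is `./dist/renderer.prod.js`, so `'self'` or a hash should cover it, provided `'self'` matches under the `file://` origin used here, which is worth confirming. The policy is also wider than a wallet renderer is likely to need: `'unsafe-eval'` keeps string-to-code evaluation available and `connect-src *` lets the renderer reach any host. Listing the specific API origins, e.g. `connect-src https://<api-origin-placeholder>;`, and dropping `'unsafe-eval'` if the production bundle runs without it would tighten it.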
12 changes: 11 additions & 1 deletion app/main.dev.ts
@@ -21,6 +21,10 @@ import windowState from 'electron-window-state';

import MenuBuilder from './menu';

// CSP enabled in production mode, don't warn in development
delete process.env.ELECTRON_ENABLE_SECURITY_WARNINGS;
process.env.ELECTRON_DISABLE_SECURITY_WARNINGS = 'true';

// eslint-disable-next-line import/no-default-export
export default class AppUpdater {
constructor() {
@@ -91,7 +95,13 @@ const createWindow = async () => {

mainWindowState.manage(mainWindow);

void mainWindow.loadURL(`file://${__dirname}/app.html`);
if (process.env.NODE_ENV === 'development' && process.env.DEBUG_PROD !== 'true') {
void mainWindow.loadURL(`file://${__dirname}/app-dev.html`);
}

if (process.env.NODE_ENV === 'production' || process.env.DEBUG_PROD === 'true') {
void mainWindow.loadURL(`file://${__dirname}/app.html`);
}

if (process.platform === 'win32') {
mainWindow.setMenuBarVisibility(false);
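Review bot: The two independent `if` statements around `loadURL` leave a gap: when `NODE_ENV` is neither `'development'` nor `'production'` and `DEBUG_PROD` is not `'true'` (unset, `'test'`, a typo), neither branch runs and the window loads nothing. Making the CSP-protected page the default closes the gap and fails safe: ``const useDevPage = process.env.NODE_ENV === 'development' && process.env.DEBUG_PROD !== 'true';`` followed by ``void mainWindow.loadURL(`file://${__dirname}/${useDevPage ? 'app-dev.html' : 'app.html'}`);``. In the first hunk the security warnings are switched off unconditionally although the comment speaks of development only; those warnings cover more than CSP, so gating the two `process.env` lines on the same development check would keep the other checks visible. `createWindow` starts and ends outside the hunk.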
2 changes: 1 addition & 1 deletion configs/webpack.config.renderer.dev.babel.js
@@ -40,7 +40,7 @@ if (!requiredByDLLConfig && !(fs.existsSync(dll) && fs.existsSync(manifest))) {

// eslint-disable-next-line import/no-default-export
export default merge.smart(baseConfig, {
devtool: 'inline-source-map',
devtool: 'source-map',

mode: 'development',

2 changes: 1 addition & 1 deletion configs/webpack.config.renderer.dev.dll.babel.js
@@ -17,7 +17,7 @@ const dist = path.join(__dirname, '..', 'dll');
export default merge.smart(baseConfig, {
context: path.join(__dirname, '..'),

devtool: 'eval',
devtool: 'source-map',

mode: 'development',
