Fix browser-sync issue related to CSP

2024-11-10 14:54:12 +00:00 · 2023-05-12 16:15:14 +10:00 · 2023-05-12 16:15:14 +10:00 · c391b891d3
commit c391b891d3
parent ea0fb9a0b5
1 changed files with 37 additions and 0 deletions
--- a/desktop-app/src/main/main.ts
+++ b/desktop-app/src/main/main.ts
@ -114,6 +114,43 @@ const createWindow = async () => {
  initHttpBasicAuthHandlers(mainWindow);
  const webPermissionHandlers = WebPermissionHandlers(mainWindow);

+  // Add BROWSER_SYNC_HOST to the allowed Content-Security-Policy origins
+  mainWindow.webContents.session.webRequest.onHeadersReceived(
+    async (details, callback) => {
+      if (details.responseHeaders['content-security-policy']) {
+        let cspHeader = details.responseHeaders['content-security-policy'][0];
+
+        cspHeader = cspHeader.replace(
+          'default-src',
+          `default-src ${BROWSER_SYNC_HOST}`
+        );
+        cspHeader = cspHeader.replace(
+          'script-src',
+          `script-src ${BROWSER_SYNC_HOST}`
+        );
+        cspHeader = cspHeader.replace(
+          'script-src-elem',
+          `script-src-elem ${BROWSER_SYNC_HOST}`
+        );
+        cspHeader = cspHeader.replace(
+          'connect-src',
+          `connect-src ${BROWSER_SYNC_HOST} wss://${BROWSER_SYNC_HOST} ws://${BROWSER_SYNC_HOST}`
+        );
+        cspHeader = cspHeader.replace(
+          'child-src',
+          `child-src ${BROWSER_SYNC_HOST}`
+        );
+        cspHeader = cspHeader.replace(
+          'worker-src',
+          `worker-src ${BROWSER_SYNC_HOST}`
+        ); // Required when/if the browser-sync script is eventually relocated to a web worker
+
+        details.responseHeaders['content-security-policy'][0] = cspHeader;
+      }
+      callback({ responseHeaders: details.responseHeaders });
+    }
+  );
+
  mainWindow.loadURL(
    `${resolveHtmlPath('index.html')}?urlToOpen=${encodeURI(
      urlToOpen ?? 'undefined'