From b642e2cc709492693edc06a619ce71e6911e993b Mon Sep 17 00:00:00 2001
From: Sergey Kintsel
Date: Thu, 19 Sep 2024 11:40:00 +0100
Subject: [PATCH] Set CSP & permissions requests handling
---
 apps/desktop/package.json | 1 -
 apps/desktop/public/electron.js | 42 +++++++++++++++++++++++++--------
 pnpm-lock.yaml | 3 ---
 3 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index 26be613cb7..0e2df944b4 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -55,7 +55,6 @@
 "@emotion/is-prop-valid": "^1.3.1",
 "@emotion/react": "^11.13.3",
 "@emotion/styled": "^11.13.0",
- "@ledgerhq/hw-transport-webusb": "^6.29.3",
 "@reduxjs/toolkit": "^2.2.7",
 "@tanstack/react-query": "^5.56.2",
 "@tanstack/react-query-devtools": "^5.56.2",
diff --git a/apps/desktop/public/electron.js b/apps/desktop/public/electron.js
index c38aa59846..a92f87c10d 100644
--- a/apps/desktop/public/electron.js
+++ b/apps/desktop/public/electron.js
@@ -4,7 +4,6 @@ const path = require("path");
 const url = require("url");
 const process = require("process");
 const { autoUpdater } = require("electron-updater");
-
 const APP_PROTOCOL = "app";
 const APP_HOST = "assets";
@@ -66,6 +65,38 @@ function createWindow() { ); }); + mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => { + callback({ + responseHeaders: { + ...details.responseHeaders, + "Content-Security-Policy": ["script-src 'self'"], + }, + }); + }); + + mainWindow.webContents.session.setPermissionCheckHandler((_, permission) => { + switch (permission) { + case "usb": + case "clipboard-sanitized-write": + case "background-sync": + case "accessibility-events": + return true; + default: + return false; + } + }); + + mainWindow.webContents.session.setPermissionRequestHandler((_, permission, callback) => { + switch (permission) { + case "clipboard-sanitized-write": + case "clipboard-read": + callback(true); + break; + default: + callback(false); + } + }); + protocol.handle(APP_PROTOCOL, async req => { try { const uri = new URL(decodeURI(req.url)); @@ -107,15 +138,6 @@ function createWindow() { } }); - mainWindow.webContents.setWindowOpenHandler(details => { - if (details.url.startsWith("https") || details.url.startsWith("mailto")) { - shell.openExternal(details.url); - return { action: "deny" }; - } else { - return { action: "allow" }; - } - }); - // Emitted when the window is closed. mainWindow.on("closed", () => { // Dereference the window object, usually you would store windows diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 9a795821b3..3d137da5b8 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -82,9 +82,6 @@ importers: '@emotion/styled': specifier: ^11.13.0 version: 11.13.0(@emotion/react@11.13.3(@types/react@18.3.7)(react@18.3.1))(@types/react@18.3.7)(react@18.3.1) - '@ledgerhq/hw-transport-webusb': - specifier: ^6.29.3 - version: 6.29.3 '@reduxjs/toolkit': specifier: ^2.2.7 version: 2.2.7(react-redux@9.1.2(@types/react@18.3.7)(react@18.3.1)(redux@5.0.1))(react@18.3.1)
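Review bot: Both permission handlers ignore who is asking: `setPermissionCheckHandler` and `setPermissionRequestHandler` discard their first argument and never look at the requesting origin, so any page or subframe loaded in this session is answered on the same terms as the bundled app for `usb`, clipboard access and the other allowed permissions. Gate both on the app's own origin (built from `APP_PROTOCOL` and `APP_HOST`) before the `switch`, as sketched below. The two allow-lists also disagree: `clipboard-read` is granted on request but denied by the check handler, and `usb` stays allowed in the check although this commit drops `@ledgerhq/hw-transport-webusb`, so each entry should be confirmed as intended. Separately, the injected CSP sets only `script-src 'self'`; if `details.responseHeaders` already carries a lowercase `content-security-policy` key the spread keeps both headers, and directives such as `object-src` and `base-uri` remain unrestricted. createWindow's body starts and ends outside the hunk.

```javascript
// Helper (constructed for this review): true only for URLs on the app's own scheme and host.
const isAppUrl = value => {
  try {
    const { protocol, host } = new URL(value);
    return protocol === `${APP_PROTOCOL}:` && host === APP_HOST;
  } catch {
    return false;
  }
};

mainWindow.webContents.session.setPermissionCheckHandler((_, permission, requestingOrigin) => {
  if (!isAppUrl(requestingOrigin)) {
    return false;
  }
  // … unchanged: switch over the allowed permissions …
});

mainWindow.webContents.session.setPermissionRequestHandler((_, permission, callback, details) => {
  if (!isAppUrl(details.requestingUrl)) {
    callback(false);
    return;
  }
  // … unchanged: switch over the allowed permissions …
});
```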