-
Notifications
You must be signed in to change notification settings - Fork 102
/
Copy pathconstants.js
67 lines (57 loc) · 2.19 KB
/
constants.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
// @flow
/* eslint-disable import/no-unused-modules */
export function genCSP(request: {|
isDev: boolean,
additional: {|
'default-src'?: Array<string>,
'frame-src'?: Array<string>,
'object-src'?: Array<string>,
'connect-src'?: Array<string>,
'style-src'?: Array<string>,
'img-src'?: Array<string>,
|},
|}): string {
const defaultSrc = request.additional['default-src'] ?? [];
const frameSrc = request.additional['frame-src'] ?? [];
const objectSrc = request.additional['object-src'] ?? [];
const connectSrc = request.additional['connect-src'] ?? [];
const styleSrc = request.additional['style-src'] ?? [];
const imgSrc = request.additional['img-src'] ?? [];
imgSrc.push('https://static.adapools.org/');
imgSrc.push('https://ipfs.io/ipfs/');
// connectSrc.push('https://api.dropboxapi.com');
// connectSrc.push('https://content.dropboxapi.com');
frameSrc.push('https://connect.trezor.io/');
frameSrc.push('https://emurgo.github.io/');
frameSrc.push('https://www.youtube.com/')
// Analytics
connectSrc.push('https://analytics.emurgo-rnd.com/');
connectSrc.push('https://api2.amplitude.com');
connectSrc.push('https://api.muesliswap.com');
// Resolver
connectSrc.push('https://api.handle.me/');
connectSrc.push('https://api.unstoppabledomains.com/');
// Pool info
connectSrc.push('https://a.cexplorer.io/');
imgSrc.push('https://img.cexplorer.io/');
imgSrc.push('https://corsproxy.io/');
// Swap
connectSrc.push('https://aggregator.muesliswap.com/');
connectSrc.push('https://onchain2.muesliswap.com/');
// unsafe-inline is unfortunately required by style-loader (even in production builds)
const evalStyle = "'unsafe-inline'";
return [
`default-src 'self' ${defaultSrc.join(' ')};`,
`frame-src ${frameSrc.join(' ')};`,
`script-src 'self' 'wasm-unsafe-eval';`,
`object-src 'self' ${objectSrc.join(' ')};`,
`connect-src ${connectSrc.join(' ')};`,
`style-src * ${evalStyle} 'self' ${styleSrc.join(' ')} blob:;`,
`img-src 'self' ${imgSrc.join(' ')} https: data: ;`,
].join(' ');
}
export const injectedScripts = [
'cardanoApiInject.js',
'initialInject.js',
];
export const speculosEndpoint = 'http://localhost:5001';