From c783d149c925bf24eef3ddb40957130309af30db Mon Sep 17 00:00:00 2001 From: Stanislav Lysak Date: Sun, 11 Aug 2024 14:29:46 +0300 Subject: [PATCH] fet-1490: basic CSP --- index.html | 3 +-- package.json | 1 + src/csp.tsx | 24 ++++++++++++++++++++++++ src/main.tsx | 2 ++ 4 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 src/csp.tsx diff --git a/index.html b/index.html index e0dea3e..957f311 100644 --- a/index.html +++ b/index.html @@ -2,7 +2,6 @@ - ENS Deed Reclaim @@ -13,4 +12,4 @@ - \ No newline at end of file + diff --git a/package.json b/package.json index cbbbe10..62a47af 100644 --- a/package.json +++ b/package.json @@ -17,6 +17,7 @@ "graphql-request": "^7.0.1", "react": "^18.2.0", "react-dom": "^18.2.0", + "react-helmet": "^6.1.0", "react-transition-state": "^1.1.5", "styled-components": "^6.1.11", "viem": "2.13.6", diff --git a/src/csp.tsx b/src/csp.tsx new file mode 100644 index 0000000..9e87556 --- /dev/null +++ b/src/csp.tsx @@ -0,0 +1,24 @@ +import { Helmet } from "react-helmet"; + +const resources = [ + "https://*.googletagmanager.com", + "plausible.io", + "static.cloudflareinsights.com", + "*.ens-app-v3.pages.dev", + "https://app.intercom.io", + "https://widget.intercom.io", + "https://js.intercomcdn.com", +].join(" "); + +const content = + meta.env.NODE_ENV === "production" + ? `worker-src 'self'; script-src 'self' 'sha256-UyYcl+sKCF/ROFZPHBlozJrndwfNiC5KT5ZZfup/pPc=' ${resources} 'wasm-unsafe-eval';` + : "script-src 'self'"; + +export function Csp() { + return ( + + + + ); +} diff --git a/src/main.tsx b/src/main.tsx index fd4bcd5..148142e 100644 --- a/src/main.tsx +++ b/src/main.tsx @@ -10,6 +10,7 @@ import { WagmiProvider } from "wagmi"; import { ThorinGlobalStyles, lightTheme } from "@ensdomains/thorin"; import { ThemeProvider } from "styled-components"; import App from "./App.tsx"; +import { Csp } from "./csp"; import { config } from "./wagmi.ts"; import "./index.css"; 
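Review bot: `meta.env.NODE_ENV` in src/csp.tsx refers to a `meta` binding that the new file never declares or imports, so as shown the module would throw a ReferenceError on load; if this is a Vite build, the check was presumably meant to be `import.meta.env.PROD` (or `import.meta.env.MODE === "production"`). Separately, the policy appears to be injected through react-helmet once the bundle is already running (the JSX inside `Csp()` is not visible on this page), so it cannot constrain scripts that loaded before it. A `<meta>` policy also ignores `frame-ancestors`, `report-uri` and `sandbox`, so sending the same string as a `Content-Security-Policy` response header from the host would be the stronger delivery. The production string sets only `worker-src` and `script-src`; adding `object-src 'none'; base-uri 'self'` would tighten it, and the wildcard `*.ens-app-v3.pages.dev` is worth narrowing if it also matches preview deployments.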
@@ -25,6 +26,7 @@ ReactDOM.createRoot(document.getElementById("root")!).render( +