From cbc5c21c8b0d94e86ee9c882b8a5710adaf3de39 Mon Sep 17 00:00:00 2001
From: Stanislav Lysak
Date: Sun, 11 Aug 2024 14:35:54 +0300
Subject: [PATCH] fet-1490: basic CSP
---
 package.json | 1 +
 src/App.js | 2 ++
 src/csp.js | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 src/csp.js
diff --git a/package.json b/package.json
index 3a3bac9..5a33135 100644
--- a/package.json
+++ b/package.json
@@ -66,6 +66,7 @@
 "react-confetti": "6.0.1",
 "react-dev-utils": "^12.0.1",
 "react-dom": "^18.2.0",
+ "react-helmet": "^6.1.0",
 "react-refresh": "^0.11.0",
 "react-router-dom": "5.3.0",
 "react-use": "17.3.1",
diff --git a/src/App.js b/src/App.js
index 14ac71c..1faebb0 100644
--- a/src/App.js
+++ b/src/App.js
@@ -28,6 +28,7 @@ import Home from "./pages/Home";
 import { useGetDelegates, useQueryString } from "./utils/hooks";
 import { initWeb3Read, rpcUrl } from "./web3modal";
 import { usePrevious } from "react-use";
+import { Csp } from "./csp";
 const PROJECT_ID = "02f438d1701ea8029113972850066224";
@@ -164,6 +165,7 @@ function App() {
 return (
 <>
+
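Review bot: The new `"react-helmet": "^6.1.0"` entry in package.json arrives without a lockfile change, since the diffstat lists only `package.json`, `src/App.js` and `src/csp.js`. If the repository commits a lockfile, it should be updated in this same commit so the resolved version and integrity hash of the new package are reviewable and installs stay reproducible. The caret range otherwise accepts any later 6.x release at install time; pinning it exactly, as `react-confetti` and `react-use` are pinned in the surrounding lines, would keep a dependency that exists only to emit a security policy from changing silently.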
diff --git a/src/csp.js b/src/csp.js
new file mode 100644
index 0000000..4e9ba08
--- /dev/null
+++ b/src/csp.js
@@ -0,0 +1,24 @@
+import { Helmet } from "react-helmet";
+
+const resources = [
+ "https://*.googletagmanager.com",
+ "plausible.io",
+ "static.cloudflareinsights.com",
+ "*.ens-app-v3.pages.dev",
+ "https://app.intercom.io",
+ "https://widget.intercom.io",
+ "https://js.intercomcdn.com",
+].join(" ");
+
+const content =
+ process.env.NODE_ENV === "production"
+ ? `worker-src 'self'; script-src 'self' 'sha256-UyYcl+sKCF/ROFZPHBlozJrndwfNiC5KT5ZZfup/pPc=' ${resources} 'wasm-unsafe-eval';`
+ : "script-src 'self'";
+
+export function Csp() {
+ return (
+
+
+
+ );
+}
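Review bot: The policy in `content` reaches the browser only after the application bundle has been fetched and executed, because `Csp()` renders it through `Helmet` at runtime (the JSX inside `Helmet` is not visible on this page, so I am assuming it emits a meta tag with `http-equiv="Content-Security-Policy"`). A policy that arrives that late does not govern scripts that ran before it, and a meta-delivered policy ignores `frame-ancestors`, `sandbox` and `report-uri`, so sending it as a `Content-Security-Policy` response header from the host, or at least as a static meta tag in the HTML template, would be the stronger placement and would make the `react-helmet` dependency unnecessary. The production string restricts only `worker-src` and `script-src`; appending `object-src 'none'; base-uri 'self';` costs little and covers plugin content and injected `base` elements. I would also add a comment above the `'sha256-…'` source naming the inline script it covers, for example `// sha256 of the inline script in INDEX_TEMPLATE (placeholder); recompute when that script changes`, and give the schemeless hosts (`plausible.io`, `static.cloudflareinsights.com`, `*.ens-app-v3.pages.dev`) an explicit `https://` like the other entries in `resources`.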