From fdef11edf13db6eeca1b94ea671f59701537c608 Mon Sep 17 00:00:00 2001 From: yan Date: Mon, 19 Mar 2018 11:21:55 -0700 Subject: [PATCH 1/2] Allow 'self' CSP connect-src by default fix https://github.com/brave/browser-laptop/issues/13499 --- app/extensions.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/extensions.js b/app/extensions.js index bf4d1c3a224..b50f6fdcd8e 100644 --- a/app/extensions.js +++ b/app/extensions.js @@ -198,7 +198,7 @@ let generateBraveManifest = () => { 'style-src': '\'self\' \'unsafe-inline\'', 'font-src': '\'self\' data:', 'img-src': '* data: file://*', - 'connect-src': 'https://www.youtube.com', + 'connect-src': '\'self\' https://www.youtube.com', 'frame-src': '\'self\' https://brave.com' } @@ -207,7 +207,6 @@ let generateBraveManifest = () => { let devServer = 'localhost:' + process.env.npm_package_config_port cspDirectives['default-src'] = '\'self\' http://' + devServer cspDirectives['connect-src'] = cspDirectives['connect-src'] + [ - ' \'self\'', 'http://' + devServer, 'ws://' + devServer ].join(' ') From f488be2d934aa160cf68c6f3645a68da329facab Mon Sep 17 00:00:00 2001 From: yan Date: Mon, 19 Mar 2018 11:30:46 -0700 Subject: [PATCH 2/2] fix whitespace error in CSP directives --- app/extensions.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/extensions.js b/app/extensions.js index b50f6fdcd8e..60161eee53a 100644 --- a/app/extensions.js +++ b/app/extensions.js @@ -206,7 +206,8 @@ let generateBraveManifest = () => { // allow access to webpack dev server resources let devServer = 'localhost:' + process.env.npm_package_config_port cspDirectives['default-src'] = '\'self\' http://' + devServer - cspDirectives['connect-src'] = cspDirectives['connect-src'] + [ + cspDirectives['connect-src'] = [ + cspDirectives['connect-src'], 'http://' + devServer, 'ws://' + devServer ].join(' ')