content security policy
parent
8b47c4b178
commit
8cde19ba25
16
app.ts
16
app.ts
@ -1,12 +1,14 @@
|
|||||||
import { app, BrowserWindow, session } from "electron";
|
import { app, BrowserWindow, session } from "electron";
|
||||||
import { get_setting } from "./src/setting";
|
import { get_setting } from "./src/setting";
|
||||||
import { create_server, start_server } from "./src/server";
|
import { create_server, start_server } from "./src/server";
|
||||||
import { getAdminCookieValue, loginTokenName } from "./src/login";
|
import { getAdminAccessTokenValue,getAdminRefreshTokenValue, accessTokenName, refreshTokenName } from "./src/login";
|
||||||
|
|
||||||
const get_loading_html = (content?:string)=> `<!DOCTYPE html>
|
const get_loading_html = (content?:string)=> `<!DOCTYPE html>
|
||||||
<html lang="ko"><head>
|
<html lang="ko"><head>
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<title>react-sample</title>
|
<title>react-sample</title>
|
||||||
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
|
||||||
|
fonts.googleapis.com; font-src 'self' fonts.gstatic.com">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
</head>
|
</head>
|
||||||
<style>
|
<style>
|
||||||
@ -49,8 +51,16 @@ if (!setting.cli) {
|
|||||||
await window.loadURL(`data:text/html;base64,`+Buffer.from(get_loading_html()).toString('base64'));
|
await window.loadURL(`data:text/html;base64,`+Buffer.from(get_loading_html()).toString('base64'));
|
||||||
await session.defaultSession.cookies.set({
|
await session.defaultSession.cookies.set({
|
||||||
url:`http://localhost:${setting.port}`,
|
url:`http://localhost:${setting.port}`,
|
||||||
name:loginTokenName,
|
name:accessTokenName,
|
||||||
value:getAdminCookieValue(),
|
value:getAdminAccessTokenValue(),
|
||||||
|
httpOnly: true,
|
||||||
|
secure: false,
|
||||||
|
sameSite:"strict"
|
||||||
|
});
|
||||||
|
await session.defaultSession.cookies.set({
|
||||||
|
url:`http://localhost:${setting.port}`,
|
||||||
|
name:refreshTokenName,
|
||||||
|
value:getAdminRefreshTokenValue(),
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
secure: false,
|
secure: false,
|
||||||
sameSite:"strict"
|
sameSite:"strict"
|
||||||
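Review bot: The two admin tokens set in the second hunk are scoped to the localhost URL built from `setting.port`, but cookies are matched by host and not by port, so this session would also send them to any other HTTP service on localhost that the window reaches; `sameSite:"strict"` does not change that, since another port on localhost is still same-site. Because `secure: false` is needed for plain-HTTP localhost, the remaining controls are the session and the window: consider a dedicated session (`session.fromPartition(...)` handed to the window through `webPreferences.session`) instead of `session.defaultSession`, and a `will-navigate` handler that rejects anything outside the app origin — whether one already exists is not visible here. At minimum I would add `// cookies are host-scoped, not port-scoped: these admin tokens go to every localhost port this session visits` above the first `cookies.set`. The two calls differ only in `name` and `value`, so a small helper taking those two arguments would keep the `httpOnly`/`secure`/`sameSite` flags from drifting apart. The second `cookies.set({` opens inside the hunk and closes outside it.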
|
@ -3,6 +3,8 @@
|
|||||||
<head>
|
<head>
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<title>react-sample</title>
|
<title>react-sample</title>
|
||||||
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com;
|
||||||
|
font-src 'self' fonts.gstatic.com">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
<link rel="stylesheet" href="/dist/css/style.css">
|
<link rel="stylesheet" href="/dist/css/style.css">
|
||||||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap" />
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap" />
|
||||||
|
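Review bot: The policy in the added meta tag leaves `base-uri` and `form-action` unrestricted, because neither falls back to `default-src`, and its host sources carry no scheme, so if this page is served from the `http://localhost` origin used in app.ts, `fonts.googleapis.com` also matches the plain-`http:` host. I would pin the scheme and close the two gaps: `content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; base-uri 'self'; form-action 'self'"`. `'unsafe-inline'` in `style-src` still permits injected `<style>` elements and style attributes; if it is only there for a CSS-in-JS library a nonce would be tighter, though this hunk does not show why it is needed. A `<meta>` policy cannot carry `frame-ancestors`, so if the local server that serves this page can set response headers, sending the policy as a `Content-Security-Policy` header would cover that as well. The same policy string is added to `get_loading_html` in app.ts and would need the same edit.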