content security policy

This commit is contained in:
monoid 2021-01-11 03:14:29 +09:00
parent 8b47c4b178
commit 8cde19ba25
2 changed files with 15 additions and 3 deletions

16
app.ts

@ -1,12 +1,14 @@
import { app, BrowserWindow, session } from "electron"; import { app, BrowserWindow, session } from "electron";
import { get_setting } from "./src/setting"; import { get_setting } from "./src/setting";
import { create_server, start_server } from "./src/server"; import { create_server, start_server } from "./src/server";
import { getAdminCookieValue, loginTokenName } from "./src/login"; import { getAdminAccessTokenValue,getAdminRefreshTokenValue, accessTokenName, refreshTokenName } from "./src/login";
const get_loading_html = (content?:string)=> `<!DOCTYPE html> const get_loading_html = (content?:string)=> `<!DOCTYPE html>
<html lang="ko"><head> <html lang="ko"><head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<title>react-sample</title> <title>react-sample</title>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
fonts.googleapis.com; font-src 'self' fonts.gstatic.com">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
</head> </head>
<style> <style>
@ -49,8 +51,16 @@ if (!setting.cli) {
await window.loadURL(`data:text/html;base64,`+Buffer.from(get_loading_html()).toString('base64')); await window.loadURL(`data:text/html;base64,`+Buffer.from(get_loading_html()).toString('base64'));
await session.defaultSession.cookies.set({ await session.defaultSession.cookies.set({
url:`http://localhost:${setting.port}`, url:`http://localhost:${setting.port}`,
name:loginTokenName, name:accessTokenName,
value:getAdminCookieValue(), value:getAdminAccessTokenValue(),
httpOnly: true,
secure: false,
sameSite:"strict"
});
await session.defaultSession.cookies.set({
url:`http://localhost:${setting.port}`,
name:refreshTokenName,
value:getAdminRefreshTokenValue(),
httpOnly: true, httpOnly: true,
secure: false, secure: false,
sameSite:"strict" sameSite:"strict"
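Review bot: The refresh-token cookie set in the second `cookies.set` call (the `refreshTokenName` block) is scoped exactly like the access token — same `url`, no `path` — so it is attached to every request to `localhost:${setting.port}` rather than only to the endpoint that exchanges it, and a leaked refresh token is worth more than an access token; add a `path:` entry restricted to the refresh route (that route lives in `./src/login` and is not visible here). The two calls are otherwise identical, so a small helper taking `(name, value)` and setting `url`, `httpOnly: true`, `secure: false`, `sameSite: "strict"` would keep the two tokens from drifting apart. `secure: false` is presumably deliberate because the server is plain HTTP on loopback; a comment such as `// loopback HTTP server: the Secure flag cannot be set here` would stop a later reader from "fixing" it. The enclosing `if (!setting.cli)` block starts before this hunk and continues after it.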


@ -3,6 +3,8 @@
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<title>react-sample</title> <title>react-sample</title>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com;
font-src 'self' fonts.gstatic.com">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/dist/css/style.css"> <link rel="stylesheet" href="/dist/css/style.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap" />
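Review bot: The policy added on the `<meta http-equiv="Content-Security-Policy">` line has no `base-uri` or `form-action` directive, and neither of those falls back to `default-src`, so an injected `<base href>` could redirect the relative `/dist/css/style.css` and script loads to another host; extend the policy with `base-uri 'self'; form-action 'self'`. A `<meta>` policy also cannot carry `frame-ancestors`, `report-uri` or `sandbox` and only governs content after the tag, so if this page is served by the app's own HTTP server (app.ts sets cookies for `http://localhost:${setting.port}`, which suggests it is) the same policy should additionally be sent as a `Content-Security-Policy` response header. `style-src 'unsafe-inline'` is the weakest part of the policy; it is justified only if this file contains inline `<style>` blocks or `style=` attributes, which the hunk does not show, so a short comment stating why it is needed would help the next reviewer.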