From 4b8f7f73ab8d8e7b14d56926df99976793dc71b4 Mon Sep 17 00:00:00 2001
From: Viktor Baranov
Date: Mon, 27 Sep 2021 17:36:36 +0300
Subject: [PATCH] CSP fix: allow only trustwallet assets repo from Github

---
 CHANGELOG.md | 2 +-
 apps/block_scout_web/assets/static/manifest.webmanifest | 4 +---
 apps/block_scout_web/lib/block_scout_web/csp_header.ex | 2 +-
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 99d1c39689..3f0631e5d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,7 @@
 - [#4625](https://github.com/blockscout/blockscout/pull/4625) - Contract address page: Add implementation link to the overview of proxy contracts
 - [#4624](https://github.com/blockscout/blockscout/pull/4624) - Support HTML tags in alert message
 - [#4608](https://github.com/blockscout/blockscout/pull/4608), [#4622](https://github.com/blockscout/blockscout/pull/4622) - Block Details page: Improved style of transactions button
-- [#4596](https://github.com/blockscout/blockscout/pull/4596), [#4681](https://github.com/blockscout/blockscout/pull/4681) - Display token icon for bridged with Mainnet tokens or identicons for other tokens
+- [#4596](https://github.com/blockscout/blockscout/pull/4596), [#4681](https://github.com/blockscout/blockscout/pull/4681), [#4693](https://github.com/blockscout/blockscout/pull/4693) - Display token icon for bridged with Mainnet tokens or identicons for other tokens
 - [#4520](https://github.com/blockscout/blockscout/pull/4520) - Add support for EIP-1559
 - [#4593](https://github.com/blockscout/blockscout/pull/4593) - Add status in `Position` pane for txs have no block
 - [#4579](https://github.com/blockscout/blockscout/pull/4579) - Write contract page: Resize inputs; Improve multiplier selector
diff --git a/apps/block_scout_web/assets/static/manifest.webmanifest b/apps/block_scout_web/assets/static/manifest.webmanifest
index 5686f7e4d7..b20abb7cbb 100644
--- a/apps/block_scout_web/assets/static/manifest.webmanifest
+++ b/apps/block_scout_web/assets/static/manifest.webmanifest
@@ -15,7 +15,5 @@
 ],
 "theme_color": "#ffffff",
 "background_color": "#ffffff",
- "display": "standalone",
- "permissions": [ "https://raw.githubusercontent.com/" ],
- "content_security_policy": "connect-src 'self' raw.githubusercontent.com;"
+ "display": "standalone"
 }
diff --git a/apps/block_scout_web/lib/block_scout_web/csp_header.ex b/apps/block_scout_web/lib/block_scout_web/csp_header.ex
index 0e40888829..c68cee9ebb 100644
--- a/apps/block_scout_web/lib/block_scout_web/csp_header.ex
+++ b/apps/block_scout_web/lib/block_scout_web/csp_header.ex
@@ -11,7 +11,7 @@ defmodule BlockScoutWeb.CSPHeader do
 def call(conn, _opts) do
 Controller.put_secure_browser_headers(conn, %{
 "content-security-policy" => "\
- connect-src 'self' #{websocket_endpoints(conn)} https://request-global.czilladx.com/ https://raw.githubusercontent.com/;\
+ connect-src 'self' #{websocket_endpoints(conn)} https://request-global.czilladx.com/ https://raw.githubusercontent.com/trustwallet/assets/;\
 default-src 'self';\
 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://coinzillatag.com;\
 style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;\
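Review bot: The path component added to the `https://raw.githubusercontent.com/trustwallet/assets/` source in `connect-src` is weaker than the commit title suggests: CSP source matching applies the path only to the initial request and ignores it for any response reached through a redirect, so the host, not the repository path, remains the effective trust boundary. The trailing slash does give prefix matching for the direct case, which is correct, but a future maintainer reading "allow only trustwallet assets repo" may assume a hard allow-list. I would document this inline above the header map: `# path in the raw.githubusercontent.com source is prefix-matched on the direct request only; CSP drops the path after a redirect, so the host is the real boundary`. The surrounding `call/2` body and the rest of the policy string continue past the hunk.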