mirror of
https://github.com/Equicord/Equicord.git
synced 2025-06-08 06:03:03 -04:00
Merge remote-tracking branch 'upstream/strict-csp' into dev2
commit
1a2e90e9cc
1 changed files with 35 additions and 1 deletions
|
@ -18,7 +18,41 @@ const MediaScriptsAndCssSrc = [...MediaAndCssSrc, "script-src", "worker-src"];
|
|||
// script and just adding to it. But generally, you should just edit this file instead
|
||||
|
||||
export const CspPolicies: PolicyMap = {
|
||||
"*": MediaScriptsAndCssSrc
|
||||
"*.github.io": MediaAndCssSrc, // github pages, used by most themes
|
||||
"raw.githubusercontent.com": MediaAndCssSrc, // github raw, used by some themes
|
||||
"*.gitlab.io": MediaAndCssSrc, // gitlab pages, used by some themes
|
||||
"gitlab.com": MediaAndCssSrc, // gitlab raw, used by some themes
|
||||
"*.codeberg.page": MediaAndCssSrc, // codeberg pages, used by some themes
|
||||
"codeberg.org": MediaAndCssSrc, // codeberg raw, used by some themes
|
||||
|
||||
"*.githack.com": MediaAndCssSrc, // githack (namely raw.githack.com), used by some themes
|
||||
"jsdelivr.net": MediaAndCssSrc, // jsdeliver, used by very few themes
|
||||
|
||||
"fonts.googleapis.com": CssSrc, // google fonts, used by many themes
|
||||
|
||||
"i.imgur.com": MediaSrc, // imgur, used by some themes
|
||||
"i.ibb.co": MediaSrc, // imgbb, used by some themes
|
||||
|
||||
"cdn.discordapp.com": MediaAndCssSrc, // Discord CDN, used by Vencord and some themes to load media
|
||||
"media.discordapp.net": MediaSrc, // Discord media CDN, possible alternative to Discord CDN
|
||||
|
||||
// CDNs used for some things by Vencord.
|
||||
// FIXME: we really should not be using CDNs anymore
|
||||
"cdnjs.cloudflare.com": MediaScriptsAndCssSrc,
|
||||
"cdn.jsdelivr.net": MediaScriptsAndCssSrc,
|
||||
|
||||
// Function Specific
|
||||
"api.github.com": ConnectSrc, // used for updating Vencord itself
|
||||
"ws.audioscrobbler.com": ConnectSrc, // last.fm API
|
||||
"translate-pa.googleapis.com": ConnectSrc, // Google Translate API
|
||||
"*.vencord.dev": MediaSrc, // VenCloud (api.vencord.dev) and Badges (badges.vencord.dev)
|
||||
"manti.vendicated.dev": MediaSrc, // ReviewDB API
|
||||
"decor.fieryflames.dev": ConnectSrc, // Decor API
|
||||
"ugc.decor.fieryflames.dev": MediaSrc, // Decor CDN
|
||||
"sponsor.ajay.app": ConnectSrc, // Dearrow API
|
||||
"dearrow-thumb.ajay.app": MediaSrc, // Dearrow Thumbnail CDN
|
||||
"usrbg.is-hardly.online": MediaSrc, // USRBG API
|
||||
"icons.duckduckgo.com": MediaSrc, // DuckDuckGo Favicon API (Reverse Image Search)
|
||||
};
|
||||
|
||||
const findHeader = (headers: PolicyMap, headerName: Lowercase<string>) => {
|
||||
|
|
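Review bot: The `cdnjs.cloudflare.com` and `cdn.jsdelivr.net` entries in `CspPolicies` are given `MediaScriptsAndCssSrc`, which per the definition in the hunk header line includes `script-src` and `worker-src`. Both are general-purpose public CDNs hosting third-party code, so for scripts and workers the policy is only as strict as whatever those hosts will serve. The FIXME above them says the CDNs should go but records neither the reason nor what still depends on them; I would expand it to something like `// FIXME: public CDNs serve third-party code, so script-src/worker-src here weakens the policy; bundle what we load from them and drop both entries`. Separately, `"jsdelivr.net": MediaAndCssSrc` and `"cdn.jsdelivr.net": MediaScriptsAndCssSrc` look like two different grants for one service. The key-matching code is not in this hunk, so it is worth confirming that the bare `jsdelivr.net` key matches the host themes actually load from, and dropping it if it does not.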