fet-1490: basic CSP

ensdomains · Aug 11, 2024 · c783d14 · c783d14
1 parent 03654c4
commit c783d14
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 2 deletions.
diff --git a/index.html b/index.html
@@ -2,7 +2,6 @@
 <html lang="en">
 
 <head>
-  <meta http-equiv="Content-Security-Policy" content="script-src 'self'">
   <meta charset="UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
   <title>ENS Deed Reclaim</title>
@@ -13,4 +12,4 @@
   <script type="module" src="/src/main.tsx"></script>
 </body>
 
-</html>
+</html>
diff --git a/package.json b/package.json
@@ -17,6 +17,7 @@
     "graphql-request": "^7.0.1",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
+    "react-helmet": "^6.1.0",
     "react-transition-state": "^1.1.5",
     "styled-components": "^6.1.11",
     "viem": "2.13.6",

diff --git a/src/csp.tsx b/src/csp.tsx
@@ -0,0 +1,24 @@
+import { Helmet } from "react-helmet";
+
+const resources = [
+  "https://*.googletagmanager.com",
+  "plausible.io",
+  "static.cloudflareinsights.com",
+  "*.ens-app-v3.pages.dev",
+  "https://app.intercom.io",
+  "https://widget.intercom.io",
+  "https://js.intercomcdn.com",
+].join(" ");
+
+const content =
+  meta.env.NODE_ENV === "production"
+    ? `worker-src 'self'; script-src 'self' 'sha256-UyYcl+sKCF/ROFZPHBlozJrndwfNiC5KT5ZZfup/pPc=' ${resources} 'wasm-unsafe-eval';`
+    : "script-src 'self'";
+
+export function Csp() {
+  return (
+    <Helmet>
+      <meta httpEquiv="Content-Security-Policy" content={content} />
+    </Helmet>
+  );
+}
diff --git a/src/main.tsx b/src/main.tsx
@@ -10,6 +10,7 @@ import { WagmiProvider } from "wagmi";
 import { ThorinGlobalStyles, lightTheme } from "@ensdomains/thorin";
 import { ThemeProvider } from "styled-components";
 import App from "./App.tsx";
+import { Csp } from "./csp";
 import { config } from "./wagmi.ts";
 
 import "./index.css";
@@ -25,6 +26,7 @@ ReactDOM.createRoot(document.getElementById("root")!).render(
       <QueryClientProvider client={queryClient}>
         <ThemeProvider theme={lightTheme}>
           <ThorinGlobalStyles />
+          <Csp />
           <App />
         </ThemeProvider>
       </QueryClientProvider>