Additionally disable object, media browser features via csp: none
parent
97957cf777
commit
31a8b5964a
|
@ -29,7 +29,7 @@ export default class PrintWindow {
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:;">
|
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:; object-src none; media-src none; manifest-src none;">
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
${styleTags}
|
${styleTags}
|
||||||
<link rel="stylesheet" type="text/css" href="${stylesPath}">
|
<link rel="stylesheet" type="text/css" href="${stylesPath}">
|
||||||
|
@ -80,7 +80,9 @@ export default class PrintWindow {
|
||||||
contextIsolation: false,
|
contextIsolation: false,
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
require("@electron/remote").require("@electron/remote/main").enable(this.browserWin.webContents);
|
require('@electron/remote')
|
||||||
|
.require('@electron/remote/main')
|
||||||
|
.enable(this.browserWin.webContents);
|
||||||
this.browserWin.removeMenu();
|
this.browserWin.removeMenu();
|
||||||
fs.writeFileSync(tmpMessagesPath, `window.printMessages = ${printMessages}`);
|
fs.writeFileSync(tmpMessagesPath, `window.printMessages = ${printMessages}`);
|
||||||
fs.writeFileSync(this.tmpFile, content);
|
fs.writeFileSync(this.tmpFile, content);
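Review bot: The three directives added to the `<meta>` policy in the first hunk use an unquoted `none`, which CSP parses as a host-source (a host literally named `none`) rather than the `'none'` keyword. In practice this still blocks nearly everything, but it is not the empty allowlist the commit title describes, and it would match if a host called `none` ever resolved. The addition should read `object-src 'none'; media-src 'none'; manifest-src 'none';`. The same unquoted string is added to the response-header policy in the main-process file and to the three HTML templates later in this commit, so all five occurrences need the quotes. The template literal that holds this markup starts and ends outside the hunk.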
|
||||||
|
|
|
@ -5,7 +5,7 @@ const util = require('util');
|
||||||
|
|
||||||
// TODO: Remove when upgrading to Electron 4
|
// TODO: Remove when upgrading to Electron 4
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
fs.statSyncNoException = function (...args) {
|
fs.statSyncNoException = function(...args) {
|
||||||
try {
|
try {
|
||||||
return fs.statSync.apply(fs, args);
|
return fs.statSync.apply(fs, args);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
@ -89,10 +89,8 @@ const declareOptions = argv => {
|
||||||
// The options --enable-crashpad and --allow-file-access-from-files are added to the command line options by electron when opening a second instance of Mailspring.
|
// The options --enable-crashpad and --allow-file-access-from-files are added to the command line options by electron when opening a second instance of Mailspring.
|
||||||
// If they are not defined as boolean options here, they will "swallow" every argument that is passed after them. This leads to the "Send To" functionality not working
|
// If they are not defined as boolean options here, they will "swallow" every argument that is passed after them. This leads to the "Send To" functionality not working
|
||||||
// if mailspring is already running.
|
// if mailspring is already running.
|
||||||
options
|
options.boolean('enable-crashpad');
|
||||||
.boolean('enable-crashpad')
|
options.boolean('allow-file-access-from-files');
|
||||||
options
|
|
||||||
.boolean('allow-file-access-from-files')
|
|
||||||
options
|
options
|
||||||
.alias('h', 'help')
|
.alias('h', 'help')
|
||||||
.boolean('h')
|
.boolean('h')
|
||||||
|
@ -334,17 +332,14 @@ const start = () => {
|
||||||
// Setting the Origin Header to 'localhost' when logging in on Office 365
|
// Setting the Origin Header to 'localhost' when logging in on Office 365
|
||||||
// Otherwise O365 will produce a 400 error on the OAuth Login Process
|
// Otherwise O365 will produce a 400 error on the OAuth Login Process
|
||||||
const filter = {
|
const filter = {
|
||||||
urls: ["*://login.microsoftonline.com/*"]
|
urls: ['*://login.microsoftonline.com/*'],
|
||||||
};
|
};
|
||||||
|
|
||||||
session.defaultSession.webRequest.onBeforeSendHeaders(
|
session.defaultSession.webRequest.onBeforeSendHeaders(filter, (details, callback) => {
|
||||||
filter,
|
console.log(details);
|
||||||
(details, callback) => {
|
details.requestHeaders['Origin'] = 'localhost';
|
||||||
console.log(details);
|
callback({ requestHeaders: details.requestHeaders });
|
||||||
details.requestHeaders['Origin'] = 'localhost';
|
});
|
||||||
callback({ requestHeaders: details.requestHeaders });
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
// Block remote JS execution in a second way in case our <meta> tag approach
|
// Block remote JS execution in a second way in case our <meta> tag approach
|
||||||
// is compromised somehow https://www.electronjs.org/docs/tutorial/security
|
// is compromised somehow https://www.electronjs.org/docs/tutorial/security
|
||||||
|
@ -357,7 +352,7 @@ const start = () => {
|
||||||
responseHeaders: {
|
responseHeaders: {
|
||||||
...details.responseHeaders,
|
...details.responseHeaders,
|
||||||
'Content-Security-Policy': [
|
'Content-Security-Policy': [
|
||||||
"default-src * mailspring:; script-src 'self' 'unsafe-inline' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:;",
|
"default-src * mailspring:; script-src 'self' 'unsafe-inline' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:; object-src none; media-src none; manifest-src none;",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
});
|
});
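Review bot: In the `onBeforeSendHeaders` handler for `*://login.microsoftonline.com/*` (the `@ -334` hunk), `console.log(details)` survives the reformat and writes the full request details, URL and headers included, to the log for every request made during the Office 365 login. Those requests can carry cookies and OAuth parameters, so the values end up in any captured console output or log file. The line should be removed, or reduced to non-sensitive fields such as `console.log(details.method, new URL(details.url).pathname);`. The body of `start` continues outside the hunk, so whether this logging is gated elsewhere cannot be seen from here.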
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
<html style="background: #fff">
|
<html style="background: #fff">
|
||||||
<head>
|
<head>
|
||||||
<title>Updating Mailspring Database...</title>
|
<title>Updating Mailspring Database...</title>
|
||||||
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:;">
|
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:; object-src none; media-src none; manifest-src none;">
|
||||||
<style>
|
<style>
|
||||||
.progress {
|
.progress {
|
||||||
position: relative;
|
position: relative;
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
<html style="background: #fff">
|
<html style="background: #fff">
|
||||||
<head>
|
<head>
|
||||||
<title>Preparing Mailspring...</title>
|
<title>Preparing Mailspring...</title>
|
||||||
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:;">
|
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:; object-src none; media-src none; manifest-src none;">
|
||||||
<style>
|
<style>
|
||||||
.progress {
|
.progress {
|
||||||
position: relative;
|
position: relative;
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
<head>
|
<head>
|
||||||
<title>Mailspring</title>
|
<title>Mailspring</title>
|
||||||
|
|
||||||
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:;">
|
<meta http-equiv="Content-Security-Policy" content="default-src * mailspring:; script-src 'self' chrome-extension://react-developer-tools; style-src * 'unsafe-inline' mailspring:; img-src * data: mailspring: file:; object-src none; media-src none; manifest-src none;">
|
||||||
|
|
||||||
<script src="index.js"></script>
|
<script src="index.js"></script>
|
||||||
</head>
|
</head>
|
||||||
|
|