Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is wasm-eval in content security policy needed? #6

Closed
lukaw3d opened this issue Aug 11, 2021 · 5 comments · Fixed by #81
Closed

Is wasm-eval in content security policy needed? #6

lukaw3d opened this issue Aug 11, 2021 · 5 comments · Fixed by #81
Assignees
@lvshaoping007
Labels
p:0 Priority: High! bugs, address immediately
Milestone
Release 0.1.0

Comments

@lukaw3d
Copy link
Member

lukaw3d commented Aug 11, 2021

Blocking #1

oasis-wallet-ext/public/manifest.json

Line 35 in f912f13

"content_security_policy": "script-src 'self' 'wasm-eval'; object-src 'self'",

There are no wasm files in repo. Is there a dependency the requires this?

I found node_modules/@pmmmwh/react-refresh-webpack-plugin/node_modules/source-map/lib/mappings.wasm, so maybe only needed in development?
@lukaw3d
Copy link
Member Author

lukaw3d commented Aug 16, 2021

Also object-src.

I'd use "default-src 'self'; frame-ancestors 'none';" as per https://developer.chrome.com/docs/extensions/mv3/security/#content_security_policy

@tjanez tjanez added the p:0 Priority: High! bugs, address immediately label Aug 16, 2021
@tjanez tjanez added this to the Release 0.1.0 milestone Aug 16, 2021
@lvshaoping007
Copy link
Contributor

OK, If it is not used, I will remove it

@tjanez tjanez assigned tjanez and lvshaoping007 and unassigned tjanez Aug 17, 2021
@peterjgilbert peterjgilbert assigned tjanez and unassigned tjanez Aug 17, 2021
@lvshaoping007
Copy link
Contributor

ok ,well done

@lvshaoping007
Copy link
Contributor

I set it to. "content_security_policy": "script-src 'self';",
because default-src 'self' will lost my css .
frame-ancestors we have Dapp , so we supply our iframe to all web if set our chrome-id . if set this . it cannot work

@lukaw3d
Copy link
Member Author

lukaw3d commented Aug 19, 2021

ah, okay

lvshaoping007 added a commit to lvshaoping007/oasis-wallet-ext that referenced this issue Aug 20, 2021
@lvshaoping007
oasisprotocol#6 content_security_policy fix
777b410
lvshaoping007 added a commit to lvshaoping007/oasis-wallet-ext that referenced this issue Aug 20, 2021
@lvshaoping007
oasisprotocol#6 oasisprotocol#7 oasisprotocol#9 fix
63fe829
@lukaw3d lukaw3d mentioned this issue Aug 20, 2021
Closed
@lvshaoping007 lvshaoping007 mentioned this issue Aug 22, 2021
Closed
@tjanez tjanez mentioned this issue Aug 24, 2021
Merged
@lvshaoping007 lvshaoping007 mentioned this issue Aug 24, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lvshaoping007 lvshaoping007

Labels
p:0 Priority: High! bugs, address immediately
Projects
None yet
Milestone
Release 0.1.0
Development

Successfully merging a pull request may close this issue.

Set an explicit and strict content security policy oasisprotocol/oasis-wallet-ext
3 participants
@tjanez @lukaw3d @lvshaoping007