github/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

open: add localCSP

Browse Source
This commit is contained in:
CanadaHonk 2023-02-07 23:22:50 +00:00
parent b4e4570802
commit 5990a58bb4
5 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/index.js
View File

@ -185,7 +185,16 @@ const getBrowserType = name => { // todo: not need this
const portRange = [ 10000, 60000 ]; const portRange = [ 10000, 60000 ];
const generatePort = () => (Math.floor(Math.random() * (portRange[1] - portRange[0] + 1)) + portRange[0]); const generatePort = () => (Math.floor(Math.random() * (portRange[1] - portRange[0] + 1)) + portRange[0]);
const startBrowser = async (url, { allowHTTP = false, allowRedirects = 'same-origin', windowSize, forceBrowser, forceEngine }) => { // default CSP policy. tl;dr: allow everything if same-origin, and allow all mostly non-dangerous things for all domains (images, css, requests)
const csp_sameOnly = `'self' 'unsafe-inline'`;
const csp_allowAll = `https: data: blob: 'unsafe-inline'`;
const defaultCSP = [ 'upgrade-insecure-requests' ].concat(
[ 'default-src' ].map(x => `${x} ${csp_sameOnly}`)
).concat(
[ 'connect-src', 'prefetch-src', 'font-src', 'img-src', 'media-src', 'style-src', 'form-action' ].map(x => `${x} ${csp_allowAll}`)
).join('; ');
const startBrowser = async (url, { allowHTTP = false, allowRedirects = 'same-origin', windowSize, forceBrowser, forceEngine, localCSP = defaultCSP }) => {
const [ browserPath, browserName ] = await findBrowserPath(forceBrowser, forceEngine); const [ browserPath, browserName ] = await findBrowserPath(forceBrowser, forceEngine);
const browserFriendlyName = getFriendlyName(browserName); const browserFriendlyName = getFriendlyName(browserName);
@ -202,7 +211,7 @@ const startBrowser = async (url, { allowHTTP = false, allowRedirects = 'same-ori
const basePath = isAbsolute(url) ? url : join(ranJsDir, url); const basePath = isAbsolute(url) ? url : join(ranJsDir, url);
const closeHandlers = []; const closeHandlers = [];
if (openingLocal && browserType === 'firefox') closeHandlers.push(await LocalHTTP({ url: localUrl, basePath })); if (openingLocal && browserType === 'firefox') closeHandlers.push(await LocalHTTP({ url: localUrl, basePath, csp: localCSP }));
const Window = await (browserType === 'firefox' ? Firefox : Chromium)({ const Window = await (browserType === 'firefox' ? Firefox : Chromium)({
dataPath, dataPath,
@ -220,7 +229,8 @@ const startBrowser = async (url, { allowHTTP = false, allowRedirects = 'same-ori
closeHandlers, closeHandlers,
browserType, browserType,
dataPath, dataPath,
allowRedirects allowRedirects,
localCSP
}); });
return Window; return Window;

4
src/launcher/inject.js
View File

@ -27,7 +27,7 @@ const acquireTarget = async (CDP, filter = () => true) => {
})).sessionId; })).sessionId;
}; };
export default async (CDP, proc, injectionType = 'browser', { dataPath, browserName, browserType, openingLocal, url, basePath, allowRedirects, closeHandlers }) => { export default async (CDP, proc, injectionType = 'browser', { dataPath, browserName, browserType, openingLocal, url, basePath, allowRedirects, localCSP, closeHandlers }) => {
let pageLoadCallback, pageLoadPromise = new Promise(res => pageLoadCallback = res); let pageLoadCallback, pageLoadPromise = new Promise(res => pageLoadCallback = res);
let frameLoadCallback = () => {}, onWindowMessage = () => {}; let frameLoadCallback = () => {}, onWindowMessage = () => {};
CDP.onMessage(async msg => { CDP.onMessage(async msg => {
@ -79,7 +79,7 @@ export default async (CDP, proc, injectionType = 'browser', { dataPath, browserN
let sessionId; let sessionId;
if (injectionType === 'browser') sessionId = await acquireTarget(CDP, target => target.url !== 'about:blank'); if (injectionType === 'browser') sessionId = await acquireTarget(CDP, target => target.url !== 'about:blank');
if (openingLocal && browserType === 'chromium') await LocalCDP(CDP, { sessionId, url, basePath }); if (openingLocal && browserType === 'chromium') await LocalCDP(CDP, { sessionId, url, basePath, csp: localCSP });
await CDP.sendMessage('Runtime.enable', {}, sessionId); // enable runtime API await CDP.sendMessage('Runtime.enable', {}, sessionId); // enable runtime API
CDP.sendMessage('Page.enable', {}, sessionId); // enable page API CDP.sendMessage('Page.enable', {}, sessionId); // enable page API

4
src/lib/local/cdp.js
View File

@ -1,8 +1,8 @@
import createLocalFulfill from './fulfill.js'; import createLocalFulfill from './fulfill.js';
import { log } from '../logger.js'; import { log } from '../logger.js';
export default async (CDP, { sessionId, basePath, url }) => { export default async (CDP, { sessionId, basePath, url, csp }) => {
const localFulfill = createLocalFulfill(basePath); const localFulfill = createLocalFulfill(basePath, csp);
CDP.onMessage(async msg => { CDP.onMessage(async msg => {
if (msg.method === 'Fetch.requestPaused') { if (msg.method === 'Fetch.requestPaused') {

7
src/lib/local/fulfill.js
View File

@ -10,7 +10,9 @@ const generatePath = (pathname, indexFile) => {
return pathname; return pathname;
}; };
export default givenPath => { export default (givenPath, csp) => {
if (!csp) csp = undefined;
const basePath = extname(givenPath) ? dirname(givenPath) : givenPath; const basePath = extname(givenPath) ? dirname(givenPath) : givenPath;
const indexFile = extname(basePath) ? basename(basePath) : 'index.html'; const indexFile = extname(basePath) ? basename(basePath) : 'index.html';
@ -36,7 +38,8 @@ export default givenPath => {
status: 200, status: 200,
body, body,
headers: { headers: {
'Content-Type': mimeType(ext) 'Content-Type': mimeType(ext),
'Content-Security-Policy': csp
} }
}; };
}; };

4
src/lib/local/http.js
View File

@ -2,8 +2,8 @@ import { createServer } from 'http';
import createLocalFulfill from './fulfill.js'; import createLocalFulfill from './fulfill.js';
import { log } from '../logger.js'; import { log } from '../logger.js';
export default async ({ basePath, url }) => { export default async ({ basePath, url, csp }) => {
const localFulfill = createLocalFulfill(basePath); const localFulfill = createLocalFulfill(basePath, csp);
const port = parseInt(url.split(':').pop()); const port = parseInt(url.split(':').pop());
const server = createServer(async (req, res) => { const server = createServer(async (req, res) => {