Add a content security policy for the KaiOS app

This is for defence in depth against security holes either in Puzzles or
in the KaiAds API.  I haven't found any documentation of what KaiAds'
CSP requirements are, but allowing scripts and frames from *.kaiads.com
seems to be enough to let the test adverts work.
This commit is contained in:
Ben Harris
2023-01-21 13:23:38 +00:00
parent eb366cb6c6
commit 667ce17729

@ -66,5 +66,10 @@ print JSON::PP->new->canonical->encode({
description => "Required to display advertisements" description => "Required to display advertisements"
}, },
}, },
csp => "default-src 'self';
script-src 'self' https://*.kaiads.com;
style-src 'self' 'unsafe-inline';
frame-src 'self' https://*.kaiads.com;
img-src 'self' data:;" =~ s/\s+/ /gr,
$decvers ? (version => $decvers) : (), $decvers ? (version => $decvers) : (),
}) })
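Review bot: the `style-src 'self' 'unsafe-inline';` line in the new `csp` value permits inline styles with no comment saying what depends on it. If the need comes from style attributes in the app's own HTML, moving them into a stylesheet would let `'unsafe-inline'` be dropped; if it comes from the KaiAds script, a comment next to the policy should say so. The same comment could record that `https://*.kaiads.com` in `script-src` and `frame-src` was arrived at by testing with the test adverts rather than from KaiAds documentation, so a later reader knows the wildcard is a candidate for narrowing. Also note that `=~ s/\s+/ /gr` relies on the `/r` modifier, which needs Perl 5.14 or later; worth stating if the build script is expected to run on older Perls.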