Disable CSP reports and pings

TurboWarp · Jun 22, 2024 · 0947638 · 0947638
1 parent cee3ad4
commit 0947638
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src-main/windows/project-running-window.js b/src-main/windows/project-running-window.js
@@ -95,6 +95,12 @@ class ProjectRunningWindow extends AbtractWindow {
   }
 
   onBeforeRequest (details, callback) {
+    if (details.resourceType === 'cspReport' || details.resourceType === 'ping') {
+      return callback({
+        cancel: true
+      });
+    }
+
     const parsed = new URL(details.url);
 
     if (parsed.origin === 'https://cdn.assets.scratch.mit.edu' || parsed.origin === 'https://assets.scratch.mit.edu') {
@@ -149,7 +155,7 @@ class ProjectRunningWindow extends AbtractWindow {
             break;
 
           // Modify CSP frame-ancestors to allow embedding
-          // We modify the report-only header too so that we send fewer useless reports
+          // We modify the report-only header to reduce console spam
           case 'content-security-policy':
           case 'content-security-policy-report-only': {
             // We try to add allowed origins rather than completely remove/replace to reduce possible security impact.