From 09476389875fafe66fba92535c88012b65e4aece Mon Sep 17 00:00:00 2001 From: Muffin Date: Sat, 22 Jun 2024 03:42:34 -0500 Subject: [PATCH] Disable CSP reports and pings --- src-main/windows/project-running-window.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src-main/windows/project-running-window.js b/src-main/windows/project-running-window.js index bffaa8e9..2d8509a3 100644 --- a/src-main/windows/project-running-window.js +++ b/src-main/windows/project-running-window.js @@ -95,6 +95,12 @@ class ProjectRunningWindow extends AbtractWindow { } onBeforeRequest (details, callback) { + if (details.resourceType === 'cspReport' || details.resourceType === 'ping') { + return callback({ + cancel: true + }); + } + const parsed = new URL(details.url); if (parsed.origin === 'https://cdn.assets.scratch.mit.edu' || parsed.origin === 'https://assets.scratch.mit.edu') { @@ -149,7 +155,7 @@ class ProjectRunningWindow extends AbtractWindow { break; // Modify CSP frame-ancestors to allow embedding - // We modify the report-only header too so that we send fewer useless reports + // We modify the report-only header to reduce console spam case 'content-security-policy': case 'content-security-policy-report-only': { // We try to add allowed origins rather than completely remove/replace to reduce possible security impact.
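Review bot: The early return added at the top of `onBeforeRequest` filters only on `details.resourceType`, so it is worth confirming that it covers every reporting path. It should catch `report-uri` style CSP reports and ping requests, but reports delivered through the Reporting API (`report-to` / `Reporting-Endpoints`) may be uploaded without passing through this handler as `cspReport`. If so, those response headers would also need stripping where the CSP headers are already rewritten (second hunk). The new `if` also has no comment stating its intent; something like `// Never let this window send CSP violation reports or ping requests to remote servers.` above it would make clear that the block is deliberate. The body of `onBeforeRequest` continues past the end of the hunk, so later branches were not reviewed.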