Refactor: Simplify and optimize CSP header modification logic

responsively-org · Dec 24, 2024 · 032708c · 032708c
1 parent 23fb1b8
commit 032708c
Showing 1 changed file with 23 additions and 28 deletions.
diff --git a/desktop-app/src/main/main.ts b/desktop-app/src/main/main.ts
@@ -142,36 +142,31 @@ const createWindow = async () => {
   // Add BROWSER_SYNC_HOST to the allowed Content-Security-Policy origins
   mainWindow.webContents.session.webRequest.onHeadersReceived(
     async (details, callback) => {
-      if (details.responseHeaders?.['content-security-policy']) {
-        let cspHeader = details.responseHeaders['content-security-policy'][0];
-
-        cspHeader = cspHeader.replace(
-          'default-src',
-          `default-src ${BROWSER_SYNC_HOST}`
-        );
-        cspHeader = cspHeader.replace(
-          'script-src',
-          `script-src ${BROWSER_SYNC_HOST}`
-        );
-        cspHeader = cspHeader.replace(
-          'script-src-elem',
-          `script-src-elem ${BROWSER_SYNC_HOST}`
+      const cspKey = 'content-security-policy';
+
+      if (details.responseHeaders?.[cspKey]) {
+        const cspHeader = details.responseHeaders[cspKey][0];
+
+        // Define the rules to replace dynamically
+        const replacements: Record<string, string> = {
+          'default-src': `default-src ${BROWSER_SYNC_HOST}`,
+          'script-src': `script-src ${BROWSER_SYNC_HOST}`,
+          'script-src-elem': `script-src-elem ${BROWSER_SYNC_HOST}`,
+          'connect-src': `connect-src ${BROWSER_SYNC_HOST} wss://${BROWSER_SYNC_HOST} ws://${BROWSER_SYNC_HOST}`,
+          'child-src': `child-src ${BROWSER_SYNC_HOST}`,
+          'worker-src': `worker-src ${BROWSER_SYNC_HOST}`,
+        };
+
+        // Apply replacements
+        const updatedCSPHeader = Object.entries(replacements).reduce(
+          (header, [key, value]) => header.replace(key, value),
+          cspHeader
         );
-        cspHeader = cspHeader.replace(
-          'connect-src',
-          `connect-src ${BROWSER_SYNC_HOST} wss://${BROWSER_SYNC_HOST} ws://${BROWSER_SYNC_HOST}`
-        );
-        cspHeader = cspHeader.replace(
-          'child-src',
-          `child-src ${BROWSER_SYNC_HOST}`
-        );
-        cspHeader = cspHeader.replace(
-          'worker-src',
-          `worker-src ${BROWSER_SYNC_HOST}`
-        ); // Required when/if the browser-sync script is eventually relocated to a web worker
-
-        details.responseHeaders['content-security-policy'][0] = cspHeader;
+
+        // Update the response headers
+        details.responseHeaders[cspKey][0] = updatedCSPHeader;
       }
+
       callback({ responseHeaders: details.responseHeaders });
     }
   );