Skip to content

Commit

Permalink
feat(plugin-webpack): add devContentSecurityPolicy config option
Browse files Browse the repository at this point in the history
  • Loading branch information
malept committed Jun 18, 2021
1 parent 6e0a624 commit 4e5e427
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 0 deletions.
14 changes: 14 additions & 0 deletions packages/plugin/webpack/src/Config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,18 @@ export interface WebpackPluginConfig {
* The TCP port for web-multi-logger. Defaults to 9000.
*/
loggerPort?: number;
/**
* Sets the [`Content-Security-Policy` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)
* for the Webpack development server.
*
* Normally you would want to only specify this as a `<meta>` tag. However, in development mode,
* the Webpack plugin uses the `devtool: eval-source-map` source map setting for efficiency
* purposes. This requires the `'unsafe-eval'` source for the `script-src` directive that wouldn't
* normally be recommended to use. If this value is set, make sure that you keep this
* directive-source pair intact if you want to use source maps.
*
* Default: `default-src 'self' 'unsafe-inline' data:;`
* `script-src 'self' 'unsafe-eval' 'unsafe-inline' data:`
*/
devContentSecurityPolicy?: string
}
7 changes: 7 additions & 0 deletions packages/plugin/webpack/src/WebpackPlugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,10 @@ Your packaged app may be larger than expected if you dont ignore everything othe
const config = await this.configGenerator.getRendererConfig(this.config.renderer.entryPoints);
if (!config.plugins) config.plugins = [];
config.plugins.push(pluginLogs);

const cspDirectives = this.config.devContentSecurityPolicy
?? "default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' data:";

const compiler = webpack(config);
const webpackDevServer = new WebpackDevServer(compiler, {
hot: true,
Expand All @@ -303,6 +307,9 @@ Your packaged app may be larger than expected if you dont ignore everything othe
},
setupExitSignals: true,
historyApiFallback: true,
headers: {
'Content-Security-Policy': cspDirectives,
},
});
const server = await webpackDevServer.listen(this.port);
this.servers.push(server);
Expand Down

0 comments on commit 4e5e427

Please sign in to comment.