From b7bce996d4039ad500f41bc3957d3d982dfbeeae Mon Sep 17 00:00:00 2001 From: Adam Bullmer Date: Tue, 31 Oct 2023 11:28:25 -0500 Subject: [PATCH] feat: Unblock manifest v3 usage by fixing incompatible CSP automation Fixes: [#130] References: [#107] --- lib/manifest.js | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/lib/manifest.js b/lib/manifest.js index c62792c..1603d92 100644 --- a/lib/manifest.js +++ b/lib/manifest.js @@ -18,6 +18,8 @@ function syncManifestWithPackageJson ({ manifestSync }, packageJson, manifest) { }) } +const defaultCsp = "script-src 'self' 'unsafe-eval'; object-src 'self'" + module.exports = (api, pluginOptions, packageJson) => async (content) => { const manifest = JSON.parse(content) const keyFile = api.resolve('key.pem') @@ -26,15 +28,28 @@ module.exports = (api, pluginOptions, packageJson) => async (content) => { syncManifestWithPackageJson(pluginOptions, packageJson, manifest) - manifest.content_security_policy = - manifest.content_security_policy || "script-src 'self' 'unsafe-eval'; object-src 'self'" + if (manifest.manifest_version === 3) { + manifest.content_security_policy = Object.assign( + { + extension_pages: defaultCsp + }, + manifest.content_security_policy + ) + } else { + manifest.content_security_policy = + manifest.content_security_policy || defaultCsp + } // validate manifest // If building for production (going to web store) abort early. // The browser extension store will hash your signing key and apply CSP policies. if (isProduction) { - manifest.content_security_policy = manifest.content_security_policy.replace(/'unsafe-eval'/, '') + if (manifest.manifest_version === 3) { + manifest.content_security_policy.extension_pages = manifest.content_security_policy.extension_pages.replace(/'unsafe-eval'/, '') + } else { + manifest.content_security_policy = manifest.content_security_policy.replace(/'unsafe-eval'/, '') + } // validate minimum options