require('dotenv').config()
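// Characters that can never occur inside a single CSP source expression but
// would terminate the directive (';'), split the header value into several
// policies (','), or — once written to the generated `_headers` file — start
// a new, attacker-chosen header line ('\r', '\n').
const CSP_SOURCE_BREAKERS = /[;,\r\n]/

/**
 * Normalises the source list of one CSP directive.
 *
 * Several entries below come straight from `process.env.REACT_APP_*` and are
 * optional: an unset (or empty) one is dropped instead of being serialised as
 * an empty token. Any entry that contains a directive- or header-breaking
 * character is rejected outright, so a misconfigured or tampered `.env`
 * cannot widen or truncate the policy at build time. Whitespace inside a
 * value is deliberately still allowed (it simply yields several sources).
 *
 * @param {string} directive - CSP directive name, used only for the error message
 * @param {(string|undefined)[]} sources - raw source expressions
 * @returns {string[]} the non-empty, validated sources in original order
 * @throws {Error} when a source contains ';', ',' or a line break
 */
const cspSources = (directive, sources) => {
  const kept = []
  for (const source of sources) {
    if (source === undefined || source === null || source === '') continue
    const text = String(source)
    if (CSP_SOURCE_BREAKERS.test(text)) {
      throw new Error(`Invalid CSP source for ${directive}: ${JSON.stringify(text)}`)
    }
    kept.push(text)
  }
  return kept
}

// The <meta>-compatible part of the policy (no frame-ancestors / report-uri;
// those are header-only and are appended where the header is built).
// Each third-party origin is annotated with the dependency that needs it so
// entries can be retired when that dependency goes away.
const cspMeta = Object.entries({
  'default-src': ["'self'"],
  'child-src': ["'self'", 'blob:', "'report-sample'"],
  'connect-src': [
    "'self'",
    'data:',
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/f833ac7f8c70dee801eaa24525336ca6992e5903/packages/swapper/src/swappers/zrx/utils/zrxService.ts#L4
    'https://api.0x.org',
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/476550629be9485bfc089decc4df85456968464a/packages/chain-adapters/src/ethereum/EthereumChainAdapter.ts#L226
    'https://gas.api.0x.org',
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/1689995812e81a866e2c60150bdbb9afc7ce32b9/packages/caip/src/adapters/coingecko/index.ts#L5
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/636c6c9460ac5ae4d1189165eddd3a105406e0ef/packages/asset-service/src/service/AssetService.ts#L130
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/9123527ebbcf0fd62a619ab2824d970123bd5ac2/packages/market-service/src/coingecko/coingecko.ts#L37
    'https://api.coingecko.com',
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/636c6c9460ac5ae4d1189165eddd3a105406e0ef/packages/asset-service/src/generateAssetData/ethTokens/extendErc20.ts#L45
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/9123527ebbcf0fd62a619ab2824d970123bd5ac2/packages/market-service/src/yearn/yearn.ts#L30
    'https://api.yearn.finance',
    // @yfi/[email protected] https://github.com/yearn/yearn-sdk/blob/master/src/context.ts#L73
    'https://cache.yearn.finance/v1/chains/',
    // @yfi/[email protected]: https://github.com/yearn/yearn-sdk/blob/0a85ae7be734ba594b8b7e4a290e631610a3b399/src/context.ts#L66
    'https://test-api.yearn.network/v1/',
    // @yfi/[email protected]: https://github.com/yearn/yearn-sdk/blob/0a85ae7be734ba594b8b7e4a290e631610a3b399/src/services/subgraph/index.ts#L9-L29
    'https://api.thegraph.com/subgraphs/name/salazarguille/yearn-vaults-v2-subgraph-mainnet',
    // @yfi/[email protected]: https://github.com/yearn/yearn-sdk/blob/0a85ae7be734ba594b8b7e4a290e631610a3b399/src/services/assets.ts#L7
    'https://raw.githubusercontent.com/yearn/yearn-assets/',
    // @yfi/[email protected]: https://github.com/yearn/yearn-sdk/blob/0a85ae7be734ba594b8b7e4a290e631610a3b399/src/services/assets.ts#L17
    'https://raw.githack.com/trustwallet/assets/',
    // @yfi/[email protected]: https://github.com/yearn/yearn-sdk/blob/0a85ae7be734ba594b8b7e4a290e631610a3b399/src/services/zapper.ts#L28
    'https://api.zapper.fi/v1/prices',
    // @yfi/[email protected]: https://github.com/yearn/yearn-sdk/blob/0a85ae7be734ba594b8b7e4a290e631610a3b399/src/services/meta.ts#22
    'https://meta.yearn.network/vaults/1/all',
    // @yfi/[email protected]: https://github.com/yearn/yearn-sdk/blob/0a85ae7be734ba594b8b7e4a290e631610a3b399/src/services/assets.ts#L13
    'https://api.github.com/repos/yearn/yearn-assets/',
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/5a378b186bf943c9f5e5342e1333b9fbc7c0deaf/packages/caip/src/adapters/coincap/index.ts#L5
    'https://api.coincap.io/v2/assets',
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/9123527ebbcf0fd62a619ab2824d970123bd5ac2/packages/market-service/src/coincap/coincap.ts#L21
    'https://api.coincap.io/v2/assets/',
    // Env-derived entries: unset ones are dropped by cspSources(); malformed
    // ones fail the build rather than silently loosening the policy.
    // https://github.com/shapeshift/web/blob/70111acd6236759675cf81ddcd196c31472989a6/src/components/Modals/FiatRamps/utils.ts#L40
    process.env.REACT_APP_GEM_COINIFY_SUPPORTED_COINS,
    // https://github.com/shapeshift/web/blob/70111acd6236759675cf81ddcd196c31472989a6/src/components/Modals/FiatRamps/utils.ts#L50
    process.env.REACT_APP_GEM_WYRE_SUPPORTED_COINS,
    // https://github.com/shapeshift/web/blob/70111acd6236759675cf81ddcd196c31472989a6/src/components/Modals/FiatRamps/utils.ts#L13
    process.env.REACT_APP_GEM_ASSET_LOGO,
    'https://onramp.gem.co',
    // @shapeshiftoss/[email protected]: https://github.com/shapeshift/lib/blob/1efccc3401eccb3125e1f09b7f829b886b457b89/packages/market-service/src/osmosis/osmosis.ts#L21
    'https://api-osmosis.imperator.co/tokens/',
    // captcha
    'https://api.friendlycaptcha.com/api/v1/',
    process.env.REACT_APP_ETHEREUM_NODE_URL,
    process.env.REACT_APP_UNCHAINED_ETHEREUM_HTTP_URL,
    process.env.REACT_APP_UNCHAINED_ETHEREUM_WS_URL,
    process.env.REACT_APP_UNCHAINED_BITCOIN_HTTP_URL,
    process.env.REACT_APP_UNCHAINED_BITCOIN_WS_URL,
    process.env.REACT_APP_UNCHAINED_COSMOS_HTTP_URL,
    process.env.REACT_APP_UNCHAINED_COSMOS_WS_URL,
    // Explicitly whitelist our KeepKey versions file
    process.env.REACT_APP_KEEPKEY_VERSIONS_URL,
    process.env.REACT_APP_WALLET_MIGRATION_URL,
  ],
  'frame-src': ['https://fwd.metamask.io/', 'https://widget.portis.io'],
  'img-src': [
    "'self'",
    'data:',
    'blob:',
    'filesystem:',
    // https://github.com/shapeshift/web/blob/70111acd6236759675cf81ddcd196c31472989a6/src/components/Modals/FiatRamps/utils.ts#L13
    process.env.REACT_APP_GEM_ASSET_LOGO,
    'https://assets.coincap.io/assets/icons/',
    'https://static.coincap.io/assets/icons/',
    'https://assets.coingecko.com/coins/images/',
    'https://raw.githack.com/trustwallet/assets/',
    'https://rawcdn.githack.com/yearn/yearn-assets/',
    'https://raw.githack.com/yearn/yearn-assets/',
    'https://assets.yearn.network/tokens/',
    'https://raw.githubusercontent.com/yearn/yearn-assets/',
    'https://rawcdn.githack.com/trustwallet/assets/',
    'https://raw.githubusercontent.com/osmosis-labs/',
    'https://raw.githack.com/shapeshift/lib/',
    'https://raw.githubusercontent.com/shapeshift/lib/',
    'https://raw.githubusercontent.com/cosmostation/',
  ],
  'script-src': [
    "'self'",
    'blob:',
    "'unsafe-eval'", //TODO: There are still a couple of libraries we depend on that use eval; notably amqp-ts and google-protobuf.
    // TODO: The only inline code we need is the stub injected by Metamask. We can fix this by including the stub in our own bundle.
    // NOTE(review): while 'unsafe-inline' is present (and no nonce/hash is),
    // script-src offers essentially no protection against injected inline
    // scripts; adding a nonce or hash makes CSP3 browsers ignore this token.
    "'unsafe-inline'",
    "'report-sample'",
  ],
  'style-src': ["'self'", "'unsafe-inline'", "'report-sample'"],
  'base-uri': ["'none'"],
  'object-src': ["'none'"],
})
  .map(([directive, sources]) => [directive, ...cspSources(directive, sources)].join(' '))
  .join('; ')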
// Full Content-Security-Policy header value. `frame-ancestors` is not honoured
// in a <meta> policy, which is presumably why it is appended only here and not
// part of cspMeta. Violation reporting is currently switched off; to re-enable,
// append `; report-uri https://shapeshift.report-uri.com/r/d/csp/wizard`.
const contentSecurityPolicy = `${cspMeta}; frame-ancestors 'none'`

// Response headers applied to every path served from ./build (see the
// `_headers` writer at the bottom of this file).
// NOTE(review): no Strict-Transport-Security is emitted here — confirm whether
// the hosting layer adds it, otherwise consider adding it alongside these.
const headers = {
  // Prevents middleboxes from rewriting our JS (which would break SRI) if the
  // site is ever served over plain HTTP.
  'Cache-Control': 'no-transform',
  'Content-Security-Policy': contentSecurityPolicy,
  // Keep popups we open (e.g. wallet flows) able to talk back to us while
  // severing the opener relationship for cross-origin documents.
  'Cross-Origin-Opener-Policy': 'same-origin-allow-popups',
  'Permissions-Policy': 'document-domain=()',
  'Referrer-Policy': 'no-referrer',
  'X-Content-Type-Options': 'nosniff',
  // Legacy equivalent of frame-ancestors 'none' for browsers without CSP2.
  'X-Frame-Options': 'DENY',
}
// Public surface: the header map (consumed by the `_headers` writer and by
// the dev server) and the <meta>-compatible CSP string on its own.
module.exports = { headers, cspMeta }
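// Build-time entry point: running `node headers.js` directly writes the
// Netlify-style `_headers` file into ./build, applying every header above to
// all paths (`/*`). When this module is merely require()'d, nothing is written.
// `require.main === module` is the supported replacement for the deprecated
// `module.parent` check.
if (require.main === module) {
  const lines = Object.entries(headers).map(([name, value]) => {
    // The file format is one header per line, so a stray CR/LF inside a value
    // (e.g. one that originated in .env) would be parsed as a separate,
    // attacker-chosen header. Fail the build instead of emitting it.
    if (/[\r\n]/.test(String(value))) {
      throw new Error(`Header ${name} contains a line break`)
    }
    return `  ${name}: ${value}\n`
  })
  require('fs').writeFileSync('./build/_headers', `/*\n${lines.join('')}`)
}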