From 0f12f5f6df1c9128a9aca3c4a07e575e5e18e6ed Mon Sep 17 00:00:00 2001
From: Lucas Fernandes Nogueira <lucasfernandesnog@gmail.com>
Date: Tue, 17 Dec 2019 22:00:49 -0300
Subject: [PATCH] feat(js-cli) inject CSP from tauri.config.js (#167)

---
 cli/tauri.js/runner.js | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/cli/tauri.js/runner.js b/cli/tauri.js/runner.js
index 9b2cd15f0..43fbc1a37 100644
--- a/cli/tauri.js/runner.js
+++ b/cli/tauri.js/runner.js
@@ -43,7 +43,7 @@ class Runner {
     let inlinedAssets = []
 
     if (!runningDevServer) {
-      inlinedAssets = await this.__parseHtml(path.resolve(appDir, devPath))
+      inlinedAssets = await this.__parseHtml(cfg, path.resolve(appDir, devPath))
     }
 
     generator.generate({
@@ -95,7 +95,7 @@ class Runner {
       this.__whitelistApi(cfg, toml)
     })
 
-    const inlinedAssets = await this.__parseHtml(cfg.build.distDir)
+    const inlinedAssets = await this.__parseHtml(cfg, cfg.build.distDir)
 
     generator.generate({
       inlinedAssets,
@@ -127,7 +127,7 @@ class Runner {
     }
   }
 
-  __parseHtml (indexDir) {
+  __parseHtml (cfg, indexDir) {
     const Inliner = require('@tauri-apps/tauri-inliner')
     const jsdom = require('jsdom')
     const { JSDOM } = jsdom
@@ -148,7 +148,15 @@ class Runner {
           const tauriScript = document.createElement('script')
           tauriScript.text = readFileSync(path.join(tauriDir, 'tauri.js'))
           document.body.insertBefore(tauriScript, document.body.firstChild)
-          
+
+          const csp = cfg.tauri.security.csp
+          if (csp) {
+            const cspTag = document.createElement('meta')
+            cspTag.setAttribute('http-equiv', 'Content-Security-Policy')
+            cspTag.setAttribute('content', csp)
+            document.head.appendChild(cspTag)
+          }
+
           writeFileSync(path.join(indexDir, 'index.tauri.html'), dom.serialize())
           resolve(inlinedAssets)
         }