Merge pull request #280 from gouravmore/all-1.4.0

Issue #235359 fix: Missing Content Security Policy for learner ai app

public/index.html

@@ -8,6 +8,15 @@
     />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <meta name="theme-color" content="#000000" />
+    <meta http-equiv="Content-Security-Policy" content="
+      default-src 'self' https://*.squarespace-cdn.com https://*.googleapis.com https://*.gstatic.com https://*.cdnfonts.com https://*.jsdelivr.net;
+      img-src 'self' data: https://*.squarespace-cdn.com;
+      style-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.cdnfonts.com;
+      script-src 'self' https://*.jsdelivr.net;
+      font-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.cdnfonts.com;
+      connect-src 'self';
+      frame-ancestors 'self';
+    ">
     <meta
       name="description"
       content="Base React App structure for Devigital Systems Projects"

src/App.js

@@ -94,7 +94,7 @@ const App = () => {
               window.parent.postMessage(
                 {
                   message: "Unauthorized",
-                }
+                }, window?.location?.ancestorOrigins?.[0] || window.parent.location.origin
               );
             } else {
               localStorage.clear();

src/components/Assesment/Assesment.jsx

@@ -352,7 +352,7 @@ export const ProfileHeader = ({
   const handleProfileBack = () => {
     try {
       if (process.env.REACT_APP_IS_APP_IFRAME === "true") {
-        window.parent.postMessage({ type: "restore-iframe-content" });
+        window.parent.postMessage({ type: "restore-iframe-content" }, window?.location?.ancestorOrigins?.[0] || window.parent.location.origin);
         navigate("/");
       } else {
         navigate("/discover-start");

src/components/DiscoverSentance/DiscoverSentance.jsx

@@ -118,7 +118,7 @@ const SpeakSentenceComponent = () => {
         {
           score: score,
           message: "all-test-rig-score",
-        }
+        }, window?.location?.ancestorOrigins?.[0] || window.parent.location.origin
       );
     }
   };

src/services/content/contentService.js

@@ -10,10 +10,7 @@ const getHeaders = () => {
   return {
     headers: {
       Authorization: `Bearer ${token}`,
-      "Content-Type": "application/json",
-      "Cache-Control": "no-cache",
-      Pragma: "no-cache",
-      "Content-Security-Policy": "default-src 'self'"
+      "Content-Type": "application/json"
     }
   };
 };

src/services/learnerAi/learnerAiService.js

@@ -10,10 +10,7 @@ const getHeaders = () => {
   return {
     headers: {
       Authorization: `Bearer ${token}`,
-      "Content-Type": "application/json",
-      "Cache-Control": "no-cache",
-      Pragma: "no-cache",
-      "Content-Security-Policy": "default-src 'self'"
+      "Content-Type": "application/json"
     },
   };
 };

src/services/orchestration/orchestrationService.js

@@ -11,10 +11,7 @@ const getHeaders = () => {
   return {
     headers: {
       Authorization: `Bearer ${token}`,
-      "Content-Type": "application/json",
-      "Cache-Control": "no-cache",
-      Pragma: "no-cache",
-      "Content-Security-Policy": "default-src 'self'"
+      "Content-Type": "application/json"
     },
   };
 };

src/views/Practice/Practice.jsx

@@ -137,7 +137,7 @@ const Practice = () => {
         {
           score: score,
           message: "all-test-rig-score",
-        }
+        }, window?.location?.ancestorOrigins?.[0] || window.parent.location.origin
       );
     }
   };
@@ -713,7 +713,7 @@ const Practice = () => {
               "mechanic_1")
             ? 500
             : stringLengths[0];
-        window.parent.postMessage({ type: "stringLengths", length });
+        window.parent.postMessage({ type: "stringLengths", length }, window?.location?.ancestorOrigins?.[0] || window.parent.location.origin);
       }
     }
   }, [questions[currentQuestion]]);