diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 06862cdd67..c485fd103e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -68,6 +68,7 @@ jobs:
 # macOS notarization API key
 API_KEY_ID: ${{ secrets.apple_api_key_id }}
 API_KEY_ISSUER_ID: ${{ secrets.apple_api_key_issuer_id }}
+ APPLETEAMID: ${{ secrets.apple_team_id }}
 SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
 # chocolatey
diff --git a/DEV.md b/DEV.md
index 1121950e05..d1382ad619 100644
--- a/DEV.md
+++ b/DEV.md
@@ -102,3 +102,6 @@ If using Cloudflare DNS, you need to setup full SSL mode instead of flexible mod
 - Product should have recurring pricing
+
+### Signing MacOS app
+https://www.codiga.io/blog/notarize-sign-electron-app/
diff --git a/cwex.yml b/cwex.yml
index d362b24cb6..bd773d6680 100644
--- a/cwex.yml
+++ b/cwex.yml
@@ -24,7 +24,8 @@ manifestOptions:
 - tabs
 - storage
 - notifications
- content_security_policy: "script-src 'self' 'sha256-765ndVO8s0mJNdlCDVQJVuWyBpugFWusu1COU8BNbI8=' 'sha256-kFTKSG2YSVB69S6DWzferO6LmwbqfHmYBTqvVbPEp4I=' https://cdn.jsdelivr.net https://apis.google.com https://www.gstatic.com/ https://*.firebaseio.com https://www.googleapis.com localhost:* http://localhost:8002 http://localhost:8080; object-src 'self';"
+ # this CSP has been modified to allow unsafe-inline and unsafe-eval but the CSP in the index.html remains strict. This allows the web worker to have the less strict CSP.
+ content_security_policy: "script-src 'self' 'sha256-765ndVO8s0mJNdlCDVQJVuWyBpugFWusu1COU8BNbI8=' 'sha256-kFTKSG2YSVB69S6DWzferO6LmwbqfHmYBTqvVbPEp4I=' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://apis.google.com https://www.gstatic.com/ https://*.firebaseio.com https://www.googleapis.com localhost:* http://localhost:8002 http://localhost:8080; object-src 'self';"
 background:
 scripts:
 - js/background.js
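Review bot: `APPLETEAMID` sits under the `# macOS notarization API key` comment with nothing saying what reads it, and its spelling differs from the underscore style of `API_KEY_ID` and `API_KEY_ISSUER_ID` beside it. If the name is dictated by the notarization tooling, a comment such as `# Apple team ID for notarization; variable name is expected by the notarize script` would keep it from being "corrected" later. GitHub expands an unset secret to an empty string, so a missing `apple_team_id` would likely surface only as a late notarization failure; an early non-empty check in the signing step would be cheaper. The `env` mapping starts outside the hunk, so whether these credentials are scoped to the signing step or to the whole job cannot be confirmed here.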
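Review bot: The relaxed `script-src` in `cwex.yml` applies to every extension page the manifest policy governs, not just the web worker the new comment mentions, and it adds `'unsafe-eval'` next to remote origins such as `https://cdn.jsdelivr.net`. The strict policy in `index.html` only narrows that one document, so `js/background.js` (listed just below) and any other page without its own policy would presumably run under the weaker one. `'unsafe-inline'` is probably inert as well, since browsers that honour the two `sha256-` sources ignore it; I would drop it and keep only what the worker needs. The comment should name the worker and the library that requires `eval`, e.g. `# 'unsafe-eval' is needed by <worker/library>; index.html keeps a strict meta CSP`, so the relaxation can be removed when that dependency goes away. `manifestOptions` begins above the hunk, so the manifest version and the other keys are not visible here.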