Login/Register
Tag inserted by the browser Brave before the head tag
Asked Answered
Solved javascriptcontent-security-policybrave-browser
C

1

6

i found a tag before the head tag on my webpage, inserted by the Brave browser. my question would the following run on my page if my content Content-Security-Policy doesn't allow run script's that doesn't have a valid nonce or integrity attribute. second question, the script asks to disable (disableDappDetectionInsertion)??? third what does this script do? this script has a attribute of "data-dapp-detection". it occurs after the window is blured for a while. no erros in the brave console either. Brave Version 1.10.97 Chromium: 83.0.4103.116 (Official Build) (64-bit)

(function() {
  let alreadyInsertedMetaTag = false

  function __insertDappDetected() {
    if (!alreadyInsertedMetaTag) {
      const meta = document.createElement('meta')
      meta.name = 'dapp-detected'
      document.head.appendChild(meta)
      alreadyInsertedMetaTag = true
    }
  }

  if (window.hasOwnProperty('web3')) {
    // Note a closure can't be used for this var because some sites like
    // www.wnyc.org do a second script execution via eval for some reason.
    window.__disableDappDetectionInsertion = true
    // Likely oldWeb3 is undefined and it has a property only because
    // we defined it. Some sites like wnyc.org are evaling all scripts
    // that exist again, so this is protection against multiple calls.
    if (window.web3 === undefined) {
      return
    }
    __insertDappDetected()
  } else {
    var oldWeb3 = window.web3
    Object.defineProperty(window, 'web3', {
      configurable: true,
      set: function (val) {
        if (!window.__disableDappDetectionInsertion)
          __insertDappDetected()
        oldWeb3 = val
      },
      get: function () {
        if (!window.__disableDappDetectionInsertion)
          __insertDappDetected()
        return oldWeb3
      }
    })
  }
})()
Cadaver answered 14/7, 2020 at 17:42 Comment(1)
Not related to your questions but to disable the automatic injection of this script go to Brave settings under "Wallet" and set "Ethereum provider for using Dapps" to "None"Bought
D
4

Install the brave browser and go to this site to see what your CSP policy will allow or not. https://content-security-policy.com/browser-test/

As for the dapp-detection this site goes into more detail: https://www.howtogeek.com/449046/what-is-the-brave-browser-and-how-does-it-compare-to-chrome/

But in a nutshell... Brave uses BAT (Basic Attention Tokens) and comes with an ad blocker already installed (Brave Shields). BAT is based off the Etherium Blockchain and is their way of allowing ads and monetization while also respecting users privacy.

Dysphoria answered 18/7, 2020 at 5:51 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.