web/headers: fix CSP directives & refactor

wukko 2024-09-18 19:06:46 +06:00
parent 97977efabd
commit 732199332e
No known key found for this signature in database
GPG key ID: 3E30B3F26C7B4AA2


@ -1,15 +1,32 @@
import env from "$lib/env";
export async function GET() {
const CSP = [
"default-src 'none'",
"script-src 'self' challenges.cloudflare.com",
"frame-src challenges.cloudflare.com",
]
const CSP = {
"connect-src": ["*"],
"default-src": ["'none'"],
"font-src": ["'self'"],
"style-src": ["'self'"],
"img-src": ["'self'"],
"manifest-src": ["'self'"],
"worker-src": ["'self'"],
"script-src": [
"'self'",
"challenges.cloudflare.com",
env.PLAUSIBLE_HOST ? env.PLAUSIBLE_HOST : ""
],
"frame-src": ["challenges.cloudflare.com"],
}
const _headers = {
"/*": {
"Cross-Origin-Opener-Policy": "same-origin",
"Cross-Origin-Embedder-Policy": "require-corp",
"Content-Security-Policy": CSP.join("; "),
"Content-Security-Policy":
Object.entries(CSP).map(
([directive, values]) => `${directive} ${values.join(' ')}`
).flat().join("; "),
}
}