mirror of
https://github.com/wukko/cobalt.git
synced 2024-11-15 04:39:58 +00:00
web: generate _headers
& add Content-Security-Policy
header
This commit is contained in:
parent
d1686be583
commit
97977efabd
2 changed files with 28 additions and 3 deletions
28
web/src/routes/_headers/+server.ts
Normal file
28
web/src/routes/_headers/+server.ts
Normal file
|
@ -0,0 +1,28 @@
|
|||
export async function GET() {
|
||||
const CSP = [
|
||||
"default-src 'none'",
|
||||
"script-src 'self' challenges.cloudflare.com",
|
||||
"frame-src challenges.cloudflare.com",
|
||||
]
|
||||
|
||||
const _headers = {
|
||||
"/*": {
|
||||
"Cross-Origin-Opener-Policy": "same-origin",
|
||||
"Cross-Origin-Embedder-Policy": "require-corp",
|
||||
"Content-Security-Policy": CSP.join("; "),
|
||||
}
|
||||
}
|
||||
|
||||
return new Response(
|
||||
Object.entries(_headers).map(
|
||||
([path, headers]) => [
|
||||
path,
|
||||
Object.entries(headers).map(
|
||||
([key, value]) => ` ${key}: ${value}`
|
||||
)
|
||||
].flat().join("\n")
|
||||
).join("\n\n")
|
||||
);
|
||||
}
|
||||
|
||||
export const prerender = true;
|
|
@ -1,3 +0,0 @@
|
|||
/*
|
||||
Cross-Origin-Opener-Policy: same-origin
|
||||
Cross-Origin-Embedder-Policy: require-corp
|
Loading…
Reference in a new issue