web/headers: add more stuff to CSP again

wukko 2024-09-18 19:12:13 +06:00
parent 732199332e
commit 9024418aff
No known key found for this signature in database
GPG key ID: 3E30B3F26C7B4AA2


@ -1,5 +1,11 @@
import env from "$lib/env"; import env from "$lib/env";
const allowedScriptOrigins = [
"'self'",
"challenges.cloudflare.com",
env.PLAUSIBLE_HOST ? env.PLAUSIBLE_HOST : ""
]
export async function GET() { export async function GET() {
const CSP = { const CSP = {
"connect-src": ["*"], "connect-src": ["*"],
@ -7,15 +13,14 @@ export async function GET() {
"font-src": ["'self'"], "font-src": ["'self'"],
"style-src": ["'self'"], "style-src": ["'self'"],
"img-src": ["'self'"], "style-src-attr": ["'self'"],
"style-src-elem": ["'self'"],
"img-src": ["'self'", "data:"],
"manifest-src": ["'self'"], "manifest-src": ["'self'"],
"worker-src": ["'self'"], "worker-src": ["'self'"],
"script-src": [ "script-src": allowedScriptOrigins,
"'self'", "script-src-attr": allowedScriptOrigins,
"challenges.cloudflare.com",
env.PLAUSIBLE_HOST ? env.PLAUSIBLE_HOST : ""
],
"frame-src": ["challenges.cloudflare.com"], "frame-src": ["challenges.cloudflare.com"],
} }
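Review bot: The new `"script-src-attr": allowedScriptOrigins` and `"style-src-attr": ["'self'"]` entries list sources that cannot match anything, because the `-attr` directives govern inline event handlers and inline `style` attributes, and `'self'` or a host name never matches inline content. In effect both directives block all inline attributes, which is a sound hardening choice, but written this way it reads as if the Cloudflare and Plausible hosts were being granted something. If blocking is the intent, `"script-src-attr": ["'none'"],` and `"style-src-attr": ["'none'"],` state it directly and keep the third-party hosts out of a directive where they have no meaning. Separately, `allowedScriptOrigins` holds an empty string when `env.PLAUSIBLE_HOST` is unset; the code that serializes `CSP` is outside this hunk, so it is worth confirming it drops empty entries, or ending the array with `].filter(Boolean)`.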