fix: CSP header
gander committed Nov 27, 2024
1 parent d93e543 commit 03e45ca
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion functions/_middleware.js
Expand Up @@ -13,7 +13,7 @@ async function handleNonceResponse(response) {

let newHeaders = new Headers(response.headers);
newHeaders.set('Reporting-Endpoints', 'csp-endpoint="https://csp.gander.tools/"')
newHeaders.set('Content-Security-Policy-Report-Only', `default-src 'self'; script-src https: 'unsafe-inline' 'nonce-${nonce}' 'strict-dynamic' https://static.cloudflareinsights.com/beacon.min.js; object-src 'none'; base-uri 'none'; connect-src https://cloudflareinsights.com/ https://medama.gander.tools/ https://sentry.gander.tools/; style-src 'nonce-${nonce}'; require-trusted-types-for 'script'; report-to csp-endpoint; report-uri https://csp.gander.tools/`);
newHeaders.set('Content-Security-Policy-Report-Only', `default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-${nonce}' 'strict-dynamic'; object-src 'none'; base-uri 'none'; connect-src 'self' medama.gander.tools sentry.gander.tools; style-src 'self' 'unsafe-inline' 'nonce-${nonce}'; require-trusted-types-for 'script'; report-to csp-endpoint; report-uri https://csp.gander.tools/`);

let body = await response.text();
body = body.replace(/{{CSP-NONCE}}/g, nonce);
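Review bot: In the `style-src` of the rewritten `Content-Security-Policy-Report-Only` value (taking the second of the two header lines as the added one, since the page has lost its +/- markers), `'unsafe-inline'` sits next to `'nonce-${nonce}'`. Browsers that understand nonces ignore `'unsafe-inline'` when a nonce is present, so the keyword only takes effect in older browsers, where it weakens the policy. If the goal is to stop reports for inline `style="…"` attributes, scope that explicitly, e.g. `style-src-elem 'self' 'nonce-${nonce}'; style-src-attr 'unsafe-inline'`. The same line also drops `https://cloudflareinsights.com/` from `connect-src`; if the Cloudflare beacon is still loaded, its requests will presumably show up in reports and would be blocked once the policy is enforced. A short comment above the call noting that the header is still report-only and enforces nothing would help the next reader; handleNonceResponse starts and ends outside the hunk.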

0 comments on commit 03e45ca
