Create and pass nonce value through middleware

regalijan 2023-10-19 16:49:34 -04:00
parent 969b304193
commit 0807f51d6c
Signed by: regalijan
GPG Key ID: 5D4196DA269EF520


@ -78,6 +78,8 @@ async function setBody(context: RequestContext) {
} }
async function setHeaders(context: RequestContext) { async function setHeaders(context: RequestContext) {
const nonce = crypto.randomUUID().replace(/-/g, "");
context.data.nonce = nonce;
const response = await context.next(); const response = await context.next();
const rtvValues = [ const rtvValues = [
@ -110,11 +112,13 @@ async function setHeaders(context: RequestContext) {
], ],
"media-src": ["https://mediaproxy.carcrushers.cc"], "media-src": ["https://mediaproxy.carcrushers.cc"],
"script-src": ["https://challenges.cloudflare.com", "'self'"], "script-src": ["https://challenges.cloudflare.com", "'self'"],
"style-src": [`nonce-${nonce}`, "'self'"],
}; };
const directives = []; const directives = [];
for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`); for (const [k, v] of Object.entries(policies))
directives.push(`${k} ${v.join(" ")}`);
response.headers.set("Content-Security-Policy", directives.join("; ")); response.headers.set("Content-Security-Policy", directives.join("; "));
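Review bot: The `style-src` entry added in the second hunk emits the nonce source without the single quotes that CSP requires. Browsers will not parse a bare `nonce-<value>` token as a nonce-source, so `<style>` elements carrying the nonce will not be allowed by it and only `'self'` stays effective. The line should read ``"style-src": [`'nonce-${nonce}'`, "'self'"],``, quoted the same way `'self'` already is. A short comment at `context.data.nonce = nonce;` would also help, stating that the value is generated per request and must not be reused across responses (for example via a cached page), since a predictable nonce no longer restricts anything. The body of setHeaders continues outside the visible hunks, so how the nonce reaches the rendered markup cannot be checked from here.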