Remove CSP

functions/_middleware.ts

@@ -78,8 +78,6 @@ async function setBody(context: RequestContext) {
 }
 
 async function setHeaders(context: RequestContext) {
-  const nonce = crypto.randomUUID().replace(/-/g, "");
-  context.data.nonce = nonce;
   const response = await context.next();
 
   const rtvValues = [
@@ -101,27 +99,6 @@ async function setHeaders(context: RequestContext) {
   );
   response.headers.set("X-XSS-Protection", "1; mode=block");
 
-  const policies = {
-    "connect-src": ["https://*.ingest.sentry.io", "'self'"],
-    "default-src": ["'self'"],
-    "frame-src": ["https://challenges.cloudflare.com"],
-    "img-src": [
-      "https://cdn.discordapp.com/avatars/*",
-      "https://tr.rbxcdn.com",
-      "'self'",
-    ],
-    "media-src": ["https://mediaproxy.carcrushers.cc"],
-    "script-src": ["https://challenges.cloudflare.com", "'self'"],
-    "style-src": [`nonce-${nonce}`, "'self'"],
-  };
-
-  const directives = [];
-
-  for (const [k, v] of Object.entries(policies))
-    directives.push(`${k} ${v.join(" ")}`);
-
-  response.headers.set("Content-Security-Policy", directives.join("; "));
-
   return response;
 }