reimplementing cspDirectives, adding future cartoCDN, Sentry, OSM support
parent
63ce40cc46
commit
64e1e015b0
|
@ -1,12 +1,14 @@
|
||||||
|
// https://gist.github.com/acoyfellow/d8e86979c66ebea25e1643594e38be73, Rodney Lab
|
||||||
|
|
||||||
import {
|
import {
|
||||||
PUBLIC_DOMAIN,
|
PUBLIC_DOMAIN,
|
||||||
PUBLIC_SENTRY_KEY,
|
PUBLIC_SENTRY_KEY,
|
||||||
PUBLIC_SENTRY_PROJECT_ID,
|
PUBLIC_SENTRY_PROJECT_ID,
|
||||||
|
PUBLIC_SENTRY_ORG_ID,
|
||||||
PUBLIC_WORKER_URL,
|
PUBLIC_WORKER_URL,
|
||||||
} from '$env/static/public';
|
} from '$env/static/public';
|
||||||
|
|
||||||
|
export const rootDomain = PUBLIC_DOMAIN; // or your server IP for dev
|
||||||
const rootDomain = PUBLIC_DOMAIN; // or your server IP for dev
|
|
||||||
|
|
||||||
const directives = {
|
const directives = {
|
||||||
'base-uri': ["'self'"],
|
'base-uri': ["'self'"],
|
||||||
|
@ -15,11 +17,14 @@ const directives = {
|
||||||
'connect-src': [
|
'connect-src': [
|
||||||
"'self'",
|
"'self'",
|
||||||
'ws://localhost:*',
|
'ws://localhost:*',
|
||||||
|
'https://*.sentry.io',
|
||||||
'https://hcaptcha.com',
|
'https://hcaptcha.com',
|
||||||
'https://*.hcaptcha.com',
|
'https://*.hcaptcha.com',
|
||||||
|
'https://*.cartocdn.com',
|
||||||
|
PUBLIC_DOMAIN,
|
||||||
PUBLIC_WORKER_URL,
|
PUBLIC_WORKER_URL,
|
||||||
],
|
],
|
||||||
'img-src': ["'self'", 'data:'],
|
'img-src': ["'self'", 'data:', 'https://images.unsplash.com'],
|
||||||
'font-src': ["'self'", 'data:'],
|
'font-src': ["'self'", 'data:'],
|
||||||
'form-action': ["'self'"],
|
'form-action': ["'self'"],
|
||||||
'frame-ancestors': ["'self'"],
|
'frame-ancestors': ["'self'"],
|
||||||
|
@ -30,6 +35,8 @@ const directives = {
|
||||||
// "https://*.facebook.net",
|
// "https://*.facebook.net",
|
||||||
'https://hcaptcha.com',
|
'https://hcaptcha.com',
|
||||||
'https://*.hcaptcha.com',
|
'https://*.hcaptcha.com',
|
||||||
|
'https://www.openstreetmap.org',
|
||||||
|
'https://*.cartocdn.com'
|
||||||
],
|
],
|
||||||
'manifest-src': ["'self'"],
|
'manifest-src': ["'self'"],
|
||||||
'media-src': ["'self'", 'data:'],
|
'media-src': ["'self'", 'data:'],
|
||||||
|
@ -61,13 +68,20 @@ const directives = {
|
||||||
'https://*.hcaptcha.com',
|
'https://*.hcaptcha.com',
|
||||||
'https://*.sentry.io',
|
'https://*.sentry.io',
|
||||||
// 'https://polyfill.io',
|
// 'https://polyfill.io',
|
||||||
|
'https://*.cartocdn.com'
|
||||||
],
|
],
|
||||||
'worker-src': ["'self'"],
|
'worker-src': [
|
||||||
// remove report-to & report-uri if you do not want to use Sentry reporting
|
"'self'",
|
||||||
|
'blob:'
|
||||||
|
],
|
||||||
|
//report-to can throw "Content-Security-Policy: Couldn’t process unknown directive ‘report-to’", leave it for older browsers.
|
||||||
'report-to': ["'csp-endpoint'"],
|
'report-to': ["'csp-endpoint'"],
|
||||||
'report-uri': [
|
'report-uri': [
|
||||||
`https://sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}`,
|
|
||||||
|
`https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}`,
|
||||||
],
|
],
|
||||||
};
|
};
|
||||||
|
|
||||||
export default directives;
|
export const csp = Object.entries(directives)
|
||||||
|
.map(([key, arr]) => key + ' ' + arr.join(' '))
|
||||||
|
.join('; ');
|
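Review bot: The `img-src` hunk (`'img-src': ["'self'", 'data:', 'https://images.unsplash.com']`) does not allow the new `https://*.cartocdn.com` origin that this commit adds to `connect-src` and to the two later directives; raster basemap tiles loaded through an `<img>`-based tile layer are governed by `img-src`, not `connect-src`, so if the map library fetches tiles that way the policy will block them with a CSP report instead of a visible error — if tiles are fetched via `fetch()`/XHR, `connect-src` alone is sufficient and this can be ignored. The added `'https://www.openstreetmap.org'` likewise covers only that host; if OSM raster tiles are intended, they are served from the separate `tile.openstreetmap.org` host, so confirm which one the front end actually requests. In the `report-uri` hunk, `https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/...` assumes the env var already contains the full host label Sentry DSNs use (which carries a leading `o` before the numeric org id); if it is the bare id, the report host will not resolve and CSP reports are silently lost — verify the value against the project's DSN. Minor style: the final line builder reads cleaner as a template literal, `` .map(([key, arr]) => `${key} ${arr.join(' ')}`) ``.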