reimplementing cspDirectives, adding future cartoCDN, Sentry, OSM support

matthieu42morin 2024-03-19 22:21:43 +01:00
parent 63ce40cc46
commit 64e1e015b0
1 changed files with 23 additions and 9 deletions


@ -1,12 +1,14 @@
// https://gist.github.com/acoyfellow/d8e86979c66ebea25e1643594e38be73, Rodney Lab
import { import {
PUBLIC_DOMAIN, PUBLIC_DOMAIN,
PUBLIC_SENTRY_KEY, PUBLIC_SENTRY_KEY,
PUBLIC_SENTRY_PROJECT_ID, PUBLIC_SENTRY_PROJECT_ID,
PUBLIC_WORKER_URL, PUBLIC_SENTRY_ORG_ID,
} from '$env/static/public'; PUBLIC_WORKER_URL,
} from '$env/static/public';
export const rootDomain = PUBLIC_DOMAIN; // or your server IP for dev
const rootDomain = PUBLIC_DOMAIN; // or your server IP for dev
const directives = { const directives = {
'base-uri': ["'self'"], 'base-uri': ["'self'"],
@ -15,11 +17,14 @@ const directives = {
'connect-src': [ 'connect-src': [
"'self'", "'self'",
'ws://localhost:*', 'ws://localhost:*',
'https://*.sentry.io',
'https://hcaptcha.com', 'https://hcaptcha.com',
'https://*.hcaptcha.com', 'https://*.hcaptcha.com',
'https://*.cartocdn.com',
PUBLIC_DOMAIN,
PUBLIC_WORKER_URL, PUBLIC_WORKER_URL,
], ],
'img-src': ["'self'", 'data:'], 'img-src': ["'self'", 'data:', 'https://images.unsplash.com'],
'font-src': ["'self'", 'data:'], 'font-src': ["'self'", 'data:'],
'form-action': ["'self'"], 'form-action': ["'self'"],
'frame-ancestors': ["'self'"], 'frame-ancestors': ["'self'"],
@ -30,6 +35,8 @@ const directives = {
// "https://*.facebook.net", // "https://*.facebook.net",
'https://hcaptcha.com', 'https://hcaptcha.com',
'https://*.hcaptcha.com', 'https://*.hcaptcha.com',
'https://www.openstreetmap.org',
'https://*.cartocdn.com'
], ],
'manifest-src': ["'self'"], 'manifest-src': ["'self'"],
'media-src': ["'self'", 'data:'], 'media-src': ["'self'", 'data:'],
@ -61,13 +68,20 @@ const directives = {
'https://*.hcaptcha.com', 'https://*.hcaptcha.com',
'https://*.sentry.io', 'https://*.sentry.io',
// 'https://polyfill.io', // 'https://polyfill.io',
'https://*.cartocdn.com'
], ],
'worker-src': ["'self'"], 'worker-src': [
// remove report-to & report-uri if you do not want to use Sentry reporting "'self'",
'blob:'
],
//report-to can throw "Content-Security-Policy: Couldnt process unknown directive report-to", leave it for older browsers.
'report-to': ["'csp-endpoint'"], 'report-to': ["'csp-endpoint'"],
'report-uri': [ 'report-uri': [
`https://sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}`,
`https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}`,
], ],
}; };
export default directives; export const csp = Object.entries(directives)
.map(([key, arr]) => key + ' ' + arr.join(' '))
.join('; ');
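Review bot: The wildcard `'https://*.cartocdn.com'` appended to the source list in the last hunk (the directive name sits above the hunk; from the neighbouring sentry.io and hcaptcha entries it is presumably `script-src`) permits script execution from every cartocdn.com subdomain, and the same wildcard is added to `connect-src` in the second hunk. Narrowing it to the exact host the map library actually loads from, or at least recording which host needs it, keeps the trust boundary reviewable; a comment such as `// cartocdn wildcard: map assets — narrow to the exact host once known` would do. The rebuilt `report-uri` template interpolates `PUBLIC_SENTRY_ORG_ID` with no guard, so an unset value would presumably yield a `https://undefined.ingest.us.sentry.io/...` endpoint and silently lose violation reports; the bare `PUBLIC_DOMAIN` entry added to `connect-src` has the same exposure. The new `'blob:'` entry in `worker-src` loosens where workers may be created from and deserves a one-line comment naming the library that requires it.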