REFACTOR - Server Hooks, csp, permissions and setting headers
This commit is contained in:
parent
64e1e015b0
commit
c9221c357e
|
@ -1,50 +1,47 @@
|
|||
import type { Handle } from '@sveltejs/kit';
|
||||
import { sequence } from "@sveltejs/kit/hooks";
|
||||
import { handleErrorWithSentry, sentryHandle } from "@sentry/sveltekit";
|
||||
import { cspDirectives } from './cspDirectives.js'
|
||||
import * as Sentry from '@sentry/sveltekit';
|
||||
import {
|
||||
PUBLIC_SENTRY_KEY,
|
||||
PUBLIC_SENTRY_PROJECT_ID,
|
||||
PUBLIC_SENTRY_ORG_ID
|
||||
} from '$env/static/public';
|
||||
|
||||
import { csp, rootDomain } from './cspDirectives';
|
||||
|
||||
Sentry.init({
|
||||
dsn: 'https://962a7ed3891a335e112746e5c6c6bf42@o4505828687478784.ingest.us.sentry.io/4506871754326016',
|
||||
tracesSampleRate: 1.0,
|
||||
});
|
||||
|
||||
const csp = Object.entries(cspDirectives)
|
||||
.map(([key, arr]) => key + ' ' + arr.join(' '))
|
||||
.join('; ');
|
||||
|
||||
export const cspHandle = async ({ event, resolve }) => {
|
||||
export const cspHandle: Handle = async ({ event, resolve }) => {
|
||||
if (!csp) {
|
||||
throw new Error('csp is undefined');
|
||||
}
|
||||
const response = await resolve(event);
|
||||
response.headers.set('X-Frame-Options', 'SAMEORIGIN');
|
||||
response.headers.set('Referrer-Policy', 'no-referrer');
|
||||
response.headers.set(
|
||||
'Permissions-Policy',
|
||||
'accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()',
|
||||
);
|
||||
response.headers.set('X-Content-Type-Options', 'nosniff');
|
||||
/* Switch from Content-Security-Policy-Report-Only to Content-Security-Policy once you are satisifed policy is what you want
|
||||
* on switch comment out the Report-Only line
|
||||
*/
|
||||
response.headers.set('Content-Security-Policy-Report-Only', csp);
|
||||
// response.headers.set('Content-Security-Policy', csp);
|
||||
response.headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
|
||||
response.headers.set(
|
||||
'Expect-CT',
|
||||
`max-age=86400, report-uri="https://sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"`,
|
||||
);
|
||||
response.headers.set(
|
||||
'Report-To',
|
||||
`{group: "csp-endpoint", "max_age": 10886400, "endpoints": [{"url": "https://sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"}]}`,
|
||||
);
|
||||
|
||||
// Permission fullscreen necessary for maps fullscreen
|
||||
const headers = {
|
||||
'X-Frame-Options': 'SAMEORIGIN',
|
||||
'Referrer-Policy': 'no-referrer',
|
||||
'Permissions-Policy': `accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(self ${rootDomain}), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()`,
|
||||
'X-Content-Type-Options': 'nosniff',
|
||||
// 'Content-Security-Policy-Report-Only': csp,
|
||||
'Content-Security-Policy': csp,
|
||||
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
|
||||
'Expect-CT': `max-age=86400, report-uri="https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"`,
|
||||
'Report-To': `{group: "csp-endpoint", "max_age": 10886400, "endpoints": [{"url": "https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"}]}`,
|
||||
};
|
||||
|
||||
Object.entries(headers).forEach(([key, value]) => {
|
||||
response.headers.set(key, value);
|
||||
});
|
||||
return response;
|
||||
}
|
||||
|
||||
|
||||
// If you have custom handlers, make sure to place them after `sentryHandle()` in the `sequence` function.
|
||||
export const handle = sequence(sentryHandle(), cspHandle());
|
||||
export const handle: Handle = sequence(sentryHandle(), cspHandle);
|
||||
|
||||
// If you have a custom error handler, pass it to `handleErrorWithSentry`
|
||||
export const handleError = handleErrorWithSentry();
|
||||
|
|
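Review bot: The new `'Report-To'` entry in the `headers` object repeats the path after the key, `…/security/?sentry_key=${PUBLIC_SENTRY_KEY}/security/?sentry_key=${PUBLIC_SENTRY_KEY}`, so the reporting endpoint URL is malformed, and the object literal leaves the `group` key unquoted, which is not valid JSON; user agents drop a Report-To header they cannot parse, so violation reports will never arrive, which matters more now that the policy moves from Report-Only to enforced `Content-Security-Policy`. Build the endpoint URL once in a `const reportUri = ...` template string (the same `https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}` value the `Expect-CT` line already uses) and emit `'Report-To': JSON.stringify({ group: 'csp-endpoint', max_age: 10886400, endpoints: [{ url: reportUri }] }),`, reusing `reportUri` in `Expect-CT` so the two cannot drift again. The `fullscreen=(self ${rootDomain})` allowlist is only valid if `rootDomain` expands to a quoted origin such as `"https://example.com"`; a bare hostname would make that directive invalid, which is worth confirming against `cspDirectives`, whose contents are outside this hunk. Reports only reach this group if the imported `csp` string itself carries a matching `report-to csp-endpoint` directive, which cannot be verified from this diff.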