|
|
@ -1,12 +1,12 @@
|
|
|
|
import type { Handle } from '@sveltejs/kit';
|
|
|
|
import type { Handle } from '@sveltejs/kit';
|
|
|
|
import { sequence } from "@sveltejs/kit/hooks";
|
|
|
|
import { sequence } from '@sveltejs/kit/hooks';
|
|
|
|
|
|
|
|
|
|
|
|
import { handleErrorWithSentry, sentryHandle } from "@sentry/sveltekit";
|
|
|
|
import { handleErrorWithSentry, sentryHandle } from '@sentry/sveltekit';
|
|
|
|
import * as Sentry from '@sentry/sveltekit';
|
|
|
|
import * as Sentry from '@sentry/sveltekit';
|
|
|
|
import {
|
|
|
|
import {
|
|
|
|
PUBLIC_SENTRY_KEY,
|
|
|
|
PUBLIC_SENTRY_KEY,
|
|
|
|
PUBLIC_SENTRY_PROJECT_ID,
|
|
|
|
PUBLIC_SENTRY_PROJECT_ID,
|
|
|
|
PUBLIC_SENTRY_ORG_ID
|
|
|
|
PUBLIC_SENTRY_ORG_ID
|
|
|
|
} from '$env/static/public';
|
|
|
|
} from '$env/static/public';
|
|
|
|
|
|
|
|
|
|
|
|
import { csp, rootDomain } from './cspDirectives';
|
|
|
|
import { csp, rootDomain } from './cspDirectives';
|
|
|
@ -15,34 +15,34 @@ import * as amp from '@sveltejs/amp';
|
|
|
|
import dropcss from 'dropcss';
|
|
|
|
import dropcss from 'dropcss';
|
|
|
|
|
|
|
|
|
|
|
|
Sentry.init({
|
|
|
|
Sentry.init({
|
|
|
|
dsn: 'https://962a7ed3891a335e112746e5c6c6bf42@o4505828687478784.ingest.us.sentry.io/4506871754326016',
|
|
|
|
dsn: `https://${PUBLIC_SENTRY_KEY}@${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/${PUBLIC_SENTRY_PROJECT_ID}`,
|
|
|
|
tracesSampleRate: 1.0,
|
|
|
|
tracesSampleRate: 1.0
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
export const cspHandle: Handle = async ({ event, resolve }) => {
|
|
|
|
export const cspHandle: Handle = async ({ event, resolve }) => {
|
|
|
|
if (!csp) {
|
|
|
|
if (!csp) {
|
|
|
|
throw new Error('csp is undefined');
|
|
|
|
throw new Error('csp is undefined');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
const response = await resolve(event);
|
|
|
|
const response = await resolve(event);
|
|
|
|
|
|
|
|
|
|
|
|
// Permission fullscreen necessary for maps fullscreen
|
|
|
|
// Permission fullscreen necessary for maps fullscreen
|
|
|
|
const headers = {
|
|
|
|
const headers = {
|
|
|
|
'X-Frame-Options': 'SAMEORIGIN',
|
|
|
|
'X-Frame-Options': 'SAMEORIGIN',
|
|
|
|
'Referrer-Policy': 'no-referrer',
|
|
|
|
'Referrer-Policy': 'no-referrer',
|
|
|
|
'Permissions-Policy': `accelerometer=(), autoplay=(), camera=(), document-domain=(self, 'js-profiling'), encrypted-media=(), fullscreen=(self ${rootDomain}), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()`,
|
|
|
|
'Permissions-Policy': `accelerometer=(), autoplay=(), camera=(), document-domain=(self, 'js-profiling'), encrypted-media=(), fullscreen=(self ${rootDomain}), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()`,
|
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
|
// 'Content-Security-Policy-Report-Only': csp,
|
|
|
|
// 'Content-Security-Policy-Report-Only': csp,
|
|
|
|
'Content-Security-Policy': csp,
|
|
|
|
'Content-Security-Policy': csp,
|
|
|
|
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
|
|
|
|
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
|
|
|
|
'Expect-CT': `max-age=86400, report-uri="https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"`,
|
|
|
|
'Expect-CT': `max-age=86400, report-uri="https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"`,
|
|
|
|
'Report-To': `{group: "csp-endpoint", "max_age": 10886400, "endpoints": [{"url": "https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"}]}`,
|
|
|
|
'Report-To': `{group: "csp-endpoint", "max_age": 10886400, "endpoints": [{"url": "https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}"}]}`
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
Object.entries(headers).forEach(([key, value]) => {
|
|
|
|
Object.entries(headers).forEach(([key, value]) => {
|
|
|
|
response.headers.set(key, value);
|
|
|
|
response.headers.set(key, value);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
return response;
|
|
|
|
return response;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
export const ampHandle: Handle = async ({ event, resolve }) => {
|
|
|
|
export const ampHandle: Handle = async ({ event, resolve }) => {
|
|
|
|
let buffer = '';
|
|
|
|
let buffer = '';
|
|
|
@ -55,15 +55,18 @@ export const ampHandle: Handle = async ({ event, resolve }) => {
|
|
|
|
const markup = amp
|
|
|
|
const markup = amp
|
|
|
|
.transform(buffer)
|
|
|
|
.transform(buffer)
|
|
|
|
.replace('⚡', 'amp') // dropcss can't handle this character
|
|
|
|
.replace('⚡', 'amp') // dropcss can't handle this character
|
|
|
|
.replace(/<style amp-custom([^>]*?)>([^]+?)<\/style>/, (match, attributes, contents) => {
|
|
|
|
.replace(
|
|
|
|
css = contents;
|
|
|
|
/<style amp-custom([^>]*?)>([^]+?)<\/style>/,
|
|
|
|
return `<style amp-custom${attributes}></style>`;
|
|
|
|
(match, attributes, contents) => {
|
|
|
|
});
|
|
|
|
css = contents;
|
|
|
|
|
|
|
|
return `<style amp-custom${attributes}></style>`;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
css = dropcss({ css, html: markup }).css;
|
|
|
|
css = dropcss({ css, html: markup }).css;
|
|
|
|
return markup.replace('</style>', `${css}</style>`);
|
|
|
|
return markup.replace('</style>', `${css}</style>`);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
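Review bot: The new `Report-To` value in the `cspHandle` headers object is still not valid JSON, because the `group` key is left unquoted (`{group: "csp-endpoint", ...`), and browsers discard a `Report-To` header that does not parse as JSON, so violation reports would presumably never reach the Sentry security endpoint. Quote the key so the value begins `{"group": "csp-endpoint", "max_age": 10886400, "endpoints": [...]}`, or build the object and serialise it with `JSON.stringify` so the header cannot drift out of shape again. The group only takes effect if the policy exported from `./cspDirectives` names it in a `report-to csp-endpoint` directive; that file is not visible here, so it is worth confirming. Separately, `Expect-CT` is deprecated and no longer honoured by current browsers, so that header can be removed rather than repointed.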