improvement hooks
This commit is contained in:
matthieu42morin
parent
9b67ce3b28
commit
e3a74fe6e3
|
|
@ -8,7 +8,7 @@ import {
|
||||||
PUBLIC_WORKER_URL
|
PUBLIC_WORKER_URL
|
||||||
} from '$env/static/public'
|
} from '$env/static/public'
|
||||||
|
|
||||||
export const rootDomain = PUBLIC_SITE_DOMAIN // or your server IP for dev
|
const rootDomain = PUBLIC_SITE_DOMAIN // or your server IP for dev
|
||||||
|
|
||||||
const directives = {
|
const directives = {
|
||||||
'base-uri': ["'self'"],
|
'base-uri': ["'self'"],
|
||||||
|
|
@ -45,8 +45,8 @@ const directives = {
|
||||||
'style-src': ["'self'", "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
|
'style-src': ["'self'", "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
|
||||||
'default-src': [
|
'default-src': [
|
||||||
"'self'",
|
"'self'",
|
||||||
rootDomain,
|
PUBLIC_SITE_DOMAIN,
|
||||||
`ws://${rootDomain}`,
|
`ws://${PUBLIC_SITE_DOMAIN}`,
|
||||||
// 'https://*.google.com',
|
// 'https://*.google.com',
|
||||||
// 'https://*.googleapis.com',
|
// 'https://*.googleapis.com',
|
||||||
// 'https://*.firebase.com',
|
// 'https://*.firebase.com',
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ import { handleErrorWithSentry, sentryHandle } from '@sentry/sveltekit'
|
||||||
import * as Sentry from '@sentry/sveltekit'
|
import * as Sentry from '@sentry/sveltekit'
|
||||||
import { PUBLIC_SENTRY_KEY, PUBLIC_SENTRY_PROJECT_ID, PUBLIC_SENTRY_ORG_ID } from '$env/static/public'
|
import { PUBLIC_SENTRY_KEY, PUBLIC_SENTRY_PROJECT_ID, PUBLIC_SENTRY_ORG_ID } from '$env/static/public'
|
||||||
|
|
||||||
import { csp, rootDomain } from './cspDirectives'
|
import { csp } from './cspDirectives'
|
||||||
|
|
||||||
Sentry.init({
|
Sentry.init({
|
||||||
dsn: `https://${PUBLIC_SENTRY_KEY}@${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/${PUBLIC_SENTRY_PROJECT_ID}`,
|
dsn: `https://${PUBLIC_SENTRY_KEY}@${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/${PUBLIC_SENTRY_PROJECT_ID}`,
|
||||||
|
|
@ -23,7 +23,7 @@ export const cspHandle: Handle = async ({ event, resolve }) => {
|
||||||
const headers = {
|
const headers = {
|
||||||
'X-Frame-Options': 'SAMEORIGIN',
|
'X-Frame-Options': 'SAMEORIGIN',
|
||||||
'Referrer-Policy': 'no-referrer',
|
'Referrer-Policy': 'no-referrer',
|
||||||
'Permissions-Policy': `accelerometer=(), autoplay=(), camera=(), document-domain=(self, 'js-profiling'), encrypted-media=(), fullscreen=(self ${rootDomain}), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()`,
|
'Permissions-Policy': `accelerometer=(), autoplay=(), camera=(), document-domain=(self, 'js-profiling'), encrypted-media=(), fullscreen=(self ${PUBLIC_SITE_DOMAIN}), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()`,
|
||||||
'X-Content-Type-Options': 'nosniff',
|
'X-Content-Type-Options': 'nosniff',
|
||||||
// 'Content-Security-Policy-Report-Only': csp,
|
// 'Content-Security-Policy-Report-Only': csp,
|
||||||
'Content-Security-Policy': csp,
|
'Content-Security-Policy': csp,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue