// https://gist.github.com/acoyfellow/d8e86979c66ebea25e1643594e38be73, Rodney Lab
import {
PUBLIC_DOMAIN,
PUBLIC_SENTRY_KEY,
PUBLIC_SENTRY_PROJECT_ID,
PUBLIC_SENTRY_ORG_ID,
PUBLIC_WORKER_URL
} from '$env/static/public';
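/**
 * Host the app is served from. It is also the host that the policy below
 * allows for plain `ws://` connections in `default-src`.
 */
export const rootDomain = PUBLIC_DOMAIN; // or your server IP for dev

/**
 * Content-Security-Policy directives, keyed by directive name.
 *
 * Each value is the list of source expressions that `csp` (below) joins into
 * the header value. Third-party origins are allowlisted for Sentry (error
 * and CSP-violation reporting), hCaptcha, CARTO map tiles, OpenStreetMap
 * embeds and Unsplash images. Commented-out entries are origins that were
 * used at some point and are kept here so they can be re-enabled quickly.
 */
const directives = {
  'base-uri': ["'self'"],
  'child-src': ["'self'", 'blob:'],
  // 'connect-src': ["'self'", 'ws://localhost:*'],
  'connect-src': [
    "'self'",
    // NOTE(review): dev-only source that ships in every build. It is inert
    // in production browsers, but gate it on a dev flag if one is available.
    'ws://localhost:*',
    'https://*.sentry.io',
    'https://hcaptcha.com',
    'https://*.hcaptcha.com',
    'https://*.cartocdn.com',
    PUBLIC_DOMAIN,
    PUBLIC_WORKER_URL,
  ],
  'img-src': ["'self'", 'data:', 'https://images.unsplash.com'],
  'font-src': ["'self'", 'data:'],
  'form-action': ["'self'"],
  'frame-ancestors': ["'self'"],
  'frame-src': [
    "'self'",
    // "https://*.stripe.com",
    // "https://*.facebook.com",
    // "https://*.facebook.net",
    'https://hcaptcha.com',
    'https://*.hcaptcha.com',
    'https://www.openstreetmap.org',
    'https://*.cartocdn.com',
  ],
  'manifest-src': ["'self'"],
  'media-src': ["'self'", 'data:'],
  'object-src': ["'none'"],
  // 'style-src': ["'self'", "'unsafe-inline'"],
  'style-src': ["'self'", "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
  'default-src': [
    "'self'",
    rootDomain,
    // Plain ws:// is blocked as mixed content on pages served over HTTPS, so
    // this entry only takes effect on http:// (dev) pages; a wss:// entry
    // would be needed behind TLS — confirm against the deployment.
    `ws://${rootDomain}`,
    // 'https://*.google.com',
    // 'https://*.googleapis.com',
    // 'https://*.firebase.com',
    // 'https://*.gstatic.com',
    // 'https://*.cloudfunctions.net',
    // 'https://*.algolia.net',
    // 'https://*.facebook.com',
    // 'https://*.facebook.net',
    // 'https://*.stripe.com',
    'https://*.sentry.io',
  ],
  'script-src': [
    "'self'",
    // NOTE(review): 'unsafe-inline' lets any injected inline <script> run,
    // which removes most of the XSS protection this header provides. If the
    // framework can emit nonces/hashes for its inline scripts (SvelteKit's
    // `kit.csp` setting), prefer that and drop this token — confirm before
    // changing, as inline scripts would otherwise stop executing.
    "'unsafe-inline'",
    // 'https://*.stripe.com',
    // 'https://*.facebook.com',
    // 'https://*.facebook.net',
    'https://hcaptcha.com',
    'https://*.hcaptcha.com',
    'https://*.sentry.io',
    // 'https://polyfill.io',
    'https://*.cartocdn.com',
  ],
  'worker-src': ["'self'", 'blob:'],
  //report-to can throw "Content-Security-Policy: Couldn’t process unknown directive ‘report-to’", leave it for older browsers.
  // The value of report-to is a bare reporting-group token, not a quoted
  // keyword like 'self' — quoting it made browsers look for a group literally
  // named 'csp-endpoint' (quotes included) and never deliver reports. The
  // group must also be declared in a Reporting-Endpoints (or legacy Report-To)
  // response header, which is not set in this file — TODO confirm it exists.
  'report-to': ['csp-endpoint'],
  // Deprecated but still widely supported; kept as the fallback for browsers
  // that ignore report-to.
  'report-uri': [
    `https://${PUBLIC_SENTRY_ORG_ID}.ingest.us.sentry.io/api/${PUBLIC_SENTRY_PROJECT_ID}/security/?sentry_key=${PUBLIC_SENTRY_KEY}`,
  ],
};

/**
 * Serialized Content-Security-Policy header value built from `directives`:
 * one `name source source…` clause per directive, joined with `; `.
 *
 * Empty or otherwise falsy source entries (e.g. an unset environment value)
 * are dropped rather than emitted as a blank token.
 */
export const csp = Object.entries(directives)
  .map(([name, sources]) => `${name} ${sources.filter(Boolean).join(' ')}`)
  .join('; ');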