added CSP

2024-11-07 09:49:21 +01:00 · 2024-11-07 09:49:21 +01:00 · 3a79fd4488
commit 3a79fd4488
parent dc30ebb35e
2 changed files with 39 additions and 17 deletions
--- a/app.config.ts
+++ b/app.config.ts
@ -3,6 +3,9 @@ import { VitePWA } from 'vite-plugin-pwa'
 export default defineConfig({
    vite: {
        html: {
            cspNonce: 'KAAS_IS_AWESOME',
        },
        plugins: [
            VitePWA({
                mode: 'development',
--- a/src/entry-server.tsx
+++ b/src/entry-server.tsx
@ -4,13 +4,16 @@ import { installIntoGlobal } from "iterator-helpers-polyfill";
 installIntoGlobal();
-export default createHandler(() => (
+export default createHandler(({ nonce }) => {
  return (
    <StartServer
-    document={({ assets, children, scripts }) => (
+      document={({ assets, children, scripts }) => {
        return (
          <html lang="en">
            <head>
              <meta charset="utf-8" />
              <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
              <meta property="csp-nonce" nonce={nonce} />
              {assets}
            </head>
            <body>
@ -18,6 +21,22 @@ export default createHandler(() => (
              {scripts}
            </body>
          </html>
-    )}
+        );
-  />
+      }} />
-));
+  );
 }, event => {
  const nonce = crypto.randomUUID();
  const base = `'self' 'nonce-${nonce}'`;
  const policies = {
    default: base,
    connect: `${base} ws://localhost:*`,
    style: `'self' data: https://fonts.googleapis.com 'unsafe-inline'`,
    // style: `${base} data: https://fonts.googleapis.com`,
    font: `${base} https://*.gstatic.com`,
  } as const;
  event.response.headers.append('Content-Security-Policy', Object.entries(policies).map(([p, v]) => `${p}-src ${v}`).join('; '))
  return { nonce };
 });