Create and pass nonce value through middleware

regalijan · Oct 19, 2023 · 0807f51 · 0807f51
1 parent 969b304
commit 0807f51
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/functions/_middleware.ts b/functions/_middleware.ts
@@ -78,6 +78,8 @@ async function setBody(context: RequestContext) {
 }
 
 async function setHeaders(context: RequestContext) {
+  const nonce = crypto.randomUUID().replace(/-/g, "");
+  context.data.nonce = nonce;
   const response = await context.next();
 
   const rtvValues = [
@@ -110,11 +112,13 @@ async function setHeaders(context: RequestContext) {
     ],
     "media-src": ["https://mediaproxy.carcrushers.cc"],
     "script-src": ["https://challenges.cloudflare.com", "'self'"],
+    "style-src": [`nonce-${nonce}`, "'self'"],
   };
 
   const directives = [];
 
-  for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);
+  for (const [k, v] of Object.entries(policies))
+    directives.push(`${k} ${v.join(" ")}`);
 
   response.headers.set("Content-Security-Policy", directives.join("; "));