From 0807f51d6cf17e5c94a160d8236b302d440084ec Mon Sep 17 00:00:00 2001
From: regalijan
Date: Thu, 19 Oct 2023 16:49:34 -0400
Subject: [PATCH] Create and pass nonce value through middleware
---
 functions/_middleware.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 5f76ac0..2c10149 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -78,6 +78,8 @@ async function setBody(context: RequestContext) {
 }
 async function setHeaders(context: RequestContext) {
+ const nonce = crypto.randomUUID().replace(/-/g, "");
+ context.data.nonce = nonce;
 const response = await context.next();
 const rtvValues = [
@@ -110,11 +112,13 @@ async function setHeaders(context: RequestContext) {
 ],
 "media-src": ["https://mediaproxy.carcrushers.cc"],
 "script-src": ["https://challenges.cloudflare.com", "'self'"],
+ "style-src": [`nonce-${nonce}`, "'self'"],
 };
 const directives = [];
- for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);
+ for (const [k, v] of Object.entries(policies))
+ directives.push(`${k} ${v.join(" ")}`);
 response.headers.set("Content-Security-Policy", directives.join("; "));
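Review bot: The nonce source added to `style-src` in the second hunk lacks the single quotes that CSP requires around a nonce expression, so browsers will not recognise `nonce-…` as a nonce and inline styles carrying the matching `nonce` attribute will still be refused. The entry should read ``"style-src": [`'nonce-${nonce}'`, "'self'"],``, quoted the same way as `'self'` next to it. The value from the first hunk is generated once per `setHeaders` call, so a page that embeds it presumably must not be stored in a shared cache, where the same nonce would be replayed to other visitors or stop matching the header. A short comment beside `context.data.nonce = nonce;` stating that the nonce is per-response and read by downstream handlers would record that constraint. `setHeaders` begins inside the first hunk and continues past the end of the second.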