From 0807f51d6cf17e5c94a160d8236b302d440084ec Mon Sep 17 00:00:00 2001
From: regalijan <r@regalijan.com>
Date: Thu, 19 Oct 2023 16:49:34 -0400
Subject: [PATCH] Create and pass nonce value through middleware

---
 functions/_middleware.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 5f76ac0..2c10149 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -78,6 +78,8 @@ async function setBody(context: RequestContext) {
 }
 
 async function setHeaders(context: RequestContext) {
+  const nonce = crypto.randomUUID().replace(/-/g, "");
+  context.data.nonce = nonce;
   const response = await context.next();
 
   const rtvValues = [
@@ -110,11 +112,13 @@ async function setHeaders(context: RequestContext) {
     ],
     "media-src": ["https://mediaproxy.carcrushers.cc"],
     "script-src": ["https://challenges.cloudflare.com", "'self'"],
+    "style-src": [`nonce-${nonce}`, "'self'"],
   };
 
   const directives = [];
 
-  for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);
+  for (const [k, v] of Object.entries(policies))
+    directives.push(`${k} ${v.join(" ")}`);
 
   response.headers.set("Content-Security-Policy", directives.join("; "));