diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 590e7d8..eaba7cf 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -16,7 +16,7 @@ async function constructHTML(context: RequestContext) {
 async function generateTokenHash(token: string) {
   const hash = await crypto.subtle.digest(
     "SHA-512",
-    new TextEncoder().encode(token)
+    new TextEncoder().encode(token),
   );
   return btoa(String.fromCharCode(...new Uint8Array(hash)))
     .replace(/\+/g, "-")
@@ -37,14 +37,14 @@ async function setAuth(context: RequestContext) {
     if (name !== "_s") continue;
     const userData = await context.env.DATA.get(
-      `auth_${await generateTokenHash(value)}`
+      `auth_${await generateTokenHash(value)}`,
     );
     if (userData) context.data.current_user = JSON.parse(userData);
     else
       context.request.headers.append(
         "set-cookie",
-        "_s=; HttpOnly; Max-Age=0; Path=/; Secure;"
+        "_s=; HttpOnly; Max-Age=0; Path=/; Secure;",
       );
     break;
@@ -102,14 +102,20 @@ async function setHeaders(context: RequestContext) {
     "Wintervale",
   ];
-  response.headers.set("Permissions-Policy", "clipboard-write=(self), interest-cohort=()");
+  response.headers.set(
+    "Content-Security-Policy",
+    "connect-src: https://o1071757.ingest.sentry.io https://storage.googleapis.com self; default-src: self; frame-src: https://challenges.cloudflare.com; img-src: https://cdn.discordapp.com https://mediaproxy.carcrushers.cc self; media-src: https://mediaproxy.carcrushers.cc; report-uri: https://o1071757.ingest.sentry.io/api/6069431/security/?sentry_key=3d2b34700e6942f9b739cd8b2001f70f; script=src: https://challenges.cloudflare.com self",
+  );
+  response.headers.set(
+    "Permissions-Policy",
+    "clipboard-write=(self)",
+  );
   response.headers.set("Referrer-Policy", "same-origin");
   response.headers.set(
     "RTV",
-    rtvValues[Math.round(Math.random() * (rtvValues.length - 1))]
+    rtvValues[Math.round(Math.random() * (rtvValues.length - 1))],
   );
   response.headers.set("X-Frame-Options", "SAMEORIGIN");
-  response.headers.set("X-XSS-Protection", "1; mode=block");
   return response;
 }
@@ -125,7 +131,7 @@ async function setTheme(context: RequestContext) {
   const cookieList = cookies.split("; ");
   const themeCookie = cookieList.find((c) =>
-    c.startsWith("chakra-ui-color-mode")
+    c.startsWith("chakra-ui-color-mode"),
   );
   const theme = themeCookie?.split("=").at(1);
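Review bot: The Content-Security-Policy string in the added response.headers.set call is not valid CSP syntax, so a browser will treat every directive as unrecognized and enforce nothing: directive names are followed by a colon (`connect-src:`), `self` is unquoted (it must be `'self'`), and `script=src` is a typo for `script-src`. A parseable version of the same policy is `"default-src 'self'; connect-src 'self' https://o1071757.ingest.sentry.io https://storage.googleapis.com; frame-src https://challenges.cloudflare.com; img-src 'self' https://cdn.discordapp.com https://mediaproxy.carcrushers.cc; media-src https://mediaproxy.carcrushers.cc; script-src 'self' https://challenges.cloudflare.com; report-uri https://o1071757.ingest.sentry.io/api/6069431/security/?sentry_key=3d2b34700e6942f9b739cd8b2001f70f"`. Once it parses, default-src 'self' also governs style-src, so any inline styles or scripts the app injects (the chakra-ui-color-mode cookie in the next hunk suggests a CSS-in-JS UI library) would start being blocked; shipping it as Content-Security-Policy-Report-Only first, using the report-uri already present, would surface that before enforcement. Dropping X-XSS-Protection is fine on its own, but it leaves CSP as the only injection mitigation, which makes the syntax fix the important part. setHeaders begins outside this hunk.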