Remove CSP for now, will not work because of react bug

regalijan · Oct 19, 2023 · 72884ee · 72884ee
1 parent 13b02c3
commit 72884ee
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 14 deletions.
diff --git a/app/root.tsx b/app/root.tsx
@@ -157,20 +157,17 @@ function getMarkup(
             <div className="App">
               <Navigation {...loaderData} />
               {children}
-              <Scripts nonce={loaderData.nonce} />
+              <Scripts />
             </div>
           </ChakraProvider>
         </StrictMode>
       );
 
       return (
-        <html
-          data-theme={loaderData.theme}
-          lang="en-US"
-        >
+        <html data-theme={loaderData.theme} lang="en-US">
           <head>
             <Links />
-            <style nonce={loaderData.nonce}>
+            <style>
               {`
                 :root {
                   color-scheme: ${loaderData.theme};
@@ -180,7 +177,6 @@ function getMarkup(
             {serverStyleData?.map(({ key, ids, css }) => (
               <style
                 key={key}
-                nonce={loaderData.nonce}
                 data-emotion={`${key} ${ids.join(" ")}`}
                 dangerouslySetInnerHTML={{ __html: css }}
               />

diff --git a/functions/_middleware.ts b/functions/_middleware.ts
@@ -86,10 +86,7 @@ async function setBody(context: RequestContext) {
 }
 
 async function setHeaders(context: RequestContext) {
-  const nonce = crypto.randomUUID().replaceAll("-", "");
-  context.data.nonce = nonce;
   const response = await context.next();
-
   const rtvValues = [
     "Aldaria",
     "Altadena",
@@ -104,10 +101,6 @@ async function setHeaders(context: RequestContext) {
     "Wintervale",
   ];
 
-  response.headers.set(
-    "Content-Security-Policy",
-    `connect-src https://o1071757.ingest.sentry.io https://storage.googleapis.com 'self'; default-src 'self'; frame-src https://challenges.cloudflare.com; img-src https://cdn.discordapp.com https://mediaproxy.carcrushers.cc 'self'; media-src https://mediaproxy.carcrushers.cc; report-uri https://o1071757.ingest.sentry.io/api/6069431/security/?sentry_key=3d2b34700e6942f9b739cd8b2001f70f; script-src https://challenges.cloudflare.com nonce-${nonce} 'self'; style-src nonce-${nonce} 'self'`,
-  );
   response.headers.set("Permissions-Policy", "clipboard-write=(self)");
   response.headers.set("Referrer-Policy", "same-origin");
   response.headers.set(