Remove CSP

regalijan · Oct 19, 2023 · c97029e · c97029e
1 parent ee68c1b
commit c97029e
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 34 deletions.
diff --git a/app/createEmotionCache.ts b/app/createEmotionCache.ts
@@ -1,10 +1,10 @@
 import createCache from "@emotion/cache";
 
-export default function createEmotionCache(nonce?: string) {
+export default function createEmotionCache() {
   // The browser throws when calling .default, but the server throws if we don't call .default
   // Of course!
   return typeof document === "undefined"
-    ? createCache.default({ key: "cha", nonce })
+    ? createCache.default({ key: "cha" })
     : // @ts-expect-error
-      createCache({ key: "cha", nonce });
+      createCache({ key: "cha" });
 }
diff --git a/app/entry.client.tsx b/app/entry.client.tsx
@@ -16,14 +16,10 @@ Sentry.init({
 });
 
 function ClientCacheProvider({ children }: { children: ReactNode }) {
-  const nonce =
-    document
-      .querySelector("meta[name='style-nonce']")
-      ?.getAttribute("content") || undefined;
-  const [cache, setCache] = useState(createEmotionCache(nonce));
+  const [cache, setCache] = useState(createEmotionCache());
 
   function reset() {
-    setCache(createEmotionCache(nonce));
+    setCache(createEmotionCache());
   }
 
   return (

diff --git a/app/entry.server.tsx b/app/entry.server.tsx
@@ -10,9 +10,9 @@ export default function handleRequest(
   request: Request,
   responseStatusCode: number,
   responseHeaders: Headers,
-  remixContext: EntryContext & RequestContext
+  remixContext: EntryContext
 ) {
-  const cache = createEmotionCache(remixContext.data.nonce);
+  const cache = createEmotionCache();
   const { extractCriticalToChunks } = createEmotionServer(cache);
   const html = renderToString(
     <ServerStyleContext.Provider value={null}>

diff --git a/functions/_middleware.ts b/functions/_middleware.ts
@@ -78,8 +78,6 @@ async function setBody(context: RequestContext) {
 }
 
 async function setHeaders(context: RequestContext) {
-  const nonce = crypto.randomUUID().replace(/-/g, "");
-  context.data.nonce = nonce;
   const response = await context.next();
 
   const rtvValues = [
@@ -101,27 +99,6 @@ async function setHeaders(context: RequestContext) {
   );
   response.headers.set("X-XSS-Protection", "1; mode=block");
 
-  const policies = {
-    "connect-src": ["https://*.ingest.sentry.io", "'self'"],
-    "default-src": ["'self'"],
-    "frame-src": ["https://challenges.cloudflare.com"],
-    "img-src": [
-      "https://cdn.discordapp.com/avatars/*",
-      "https://tr.rbxcdn.com",
-      "'self'",
-    ],
-    "media-src": ["https://mediaproxy.carcrushers.cc"],
-    "script-src": ["https://challenges.cloudflare.com", "'self'"],
-    "style-src": [`nonce-${nonce}`, "'self'"],
-  };
-
-  const directives = [];
-
-  for (const [k, v] of Object.entries(policies))
-    directives.push(`${k} ${v.join(" ")}`);
-
-  response.headers.set("Content-Security-Policy", directives.join("; "));
-
   return response;
 }