diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 57faa25..02ed8e9 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -86,6 +86,8 @@ async function setBody(context: RequestContext) {
 }
 
 async function setHeaders(context: RequestContext) {
+ const nonce = crypto.randomUUID().replaceAll("-", "");
+ context.data.nonce = nonce;
 const response = await context.next();
 
 const rtvValues = [
@@ -104,7 +106,7 @@ async function setHeaders(context: RequestContext) {
 
 response.headers.set(
 "Content-Security-Policy",
- "connect-src https://o1071757.ingest.sentry.io https://storage.googleapis.com self; default-src self; frame-src https://challenges.cloudflare.com; img-src https://cdn.discordapp.com https://mediaproxy.carcrushers.cc self; media-src https://mediaproxy.carcrushers.cc; report-uri https://o1071757.ingest.sentry.io/api/6069431/security/?sentry_key=3d2b34700e6942f9b739cd8b2001f70f; script-src https://challenges.cloudflare.com self",
+ `connect-src https://o1071757.ingest.sentry.io https://storage.googleapis.com 'self'; default-src 'self'; frame-src https://challenges.cloudflare.com; img-src https://cdn.discordapp.com https://mediaproxy.carcrushers.cc 'self'; media-src https://mediaproxy.carcrushers.cc; report-uri https://o1071757.ingest.sentry.io/api/6069431/security/?sentry_key=3d2b34700e6942f9b739cd8b2001f70f; script-src https://challenges.cloudflare.com 'self'; style-src nonce-${nonce} 'self'`,
 );
 response.headers.set("Permissions-Policy", "clipboard-write=(self)");
 response.headers.set("Referrer-Policy", "same-origin");
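Review bot: The nonce on the added `const nonce = crypto.randomUUID().replaceAll("-", "");` line comes from a version-4 UUID, which has 122 random bits plus fixed version and variant digits, slightly under the 128 bits the CSP specification recommends for nonces. Drawing 16 bytes directly stays CSPRNG-backed and meets that guidance: `const nonce = btoa(String.fromCharCode(...crypto.getRandomValues(new Uint8Array(16))));`. A comment such as `// Per-response CSP nonce: never reuse it or serve it from a cached response` would record the invariant the policy depends on; whether any caching sits in front of this middleware is not visible here. The body of setHeaders continues past the end of this hunk.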
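Review bot: The new `style-src nonce-${nonce} 'self'` directive leaves the nonce source unquoted, so browsers will not treat it as a nonce and inline `<style nonce="…">` elements will still be blocked by the policy. The commit adds the single quotes to `'self'` throughout the string but misses this keyword; the directive should read `style-src 'nonce-${nonce}' 'self'`. Because the failure is silent on the server, it is worth checking the `report-uri` endpoint or the browser console for `style-src` violations after deploying. The setHeaders body starts and ends outside this hunk.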