Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Add CSP to potentially fix turnstile on safari
  • Loading branch information
regalijan committed Oct 19, 2023
1 parent a078832 commit fb4be4c
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions functions/_middleware.ts
Expand Up @@ -100,6 +100,25 @@ async function setHeaders(context: RequestContext) {
response.headers.set("X-Frame-Options", "DENY");
response.headers.set("X-XSS-Protection", "1; mode=block");

const policies = {
"connect-src": ["https://*.ingest.sentry.io", "'self'"],
"default-src": ["'self'"],
"frame-src": ["https://challenges.cloudflare.com"],
"img-src": [
"https://cdn.discordapp.com/avatars/*",
"https://tr.rbxcdn.com",
"'self'",
],
"media-src": ["https://mediaproxy.carcrushers.cc"],
"script-src": ["https://challenges.cloudflare.com", "'self'"],
};

const directives = [];

for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);

response.headers.set("Content-Security-Policy", directives.join("; "));

return response;
}

Expand Down

0 comments on commit fb4be4c

Please sign in to comment.