diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 14c5fa3..5468b49 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -100,6 +100,25 @@ async function setHeaders(context: RequestContext) {
 response.headers.set("X-Frame-Options", "DENY");
 response.headers.set("X-XSS-Protection", "1; mode=block");
+ const policies = {
+ "connect-src": ["https://*.ingest.sentry.io", "'self'"],
+ "default-src": ["'self'"],
+ "frame-src": ["https://challenges.cloudflare.com"],
+ "img-src": [
+ "https://cdn.discordapp.com/avatars/*",
+ "https://tr.rbxcdn.com",
+ "'self'",
+ ],
+ "media-src": ["https://mediaproxy.carcrushers.cc"],
+ "script-src": ["https://challenges.cloudflare.com", "'self'"],
+ };
+
+ const directives = [];
+
+ for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);
+
+ response.headers.set("Content-Security-Policy", directives.join("; "));
+
 return response;
 }
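Review bot: The loop `for (const [k, v] of Object.entries(policies))` interpolates each source array straight into the template, so multi-entry directives are joined with commas instead of spaces; a CSP source list is space-separated and a comma in the header value splits it into separate policies, so `connect-src`, `img-src` and `script-src` will not carry their intended `'self'` entries. Pushing `v.join(" ")` in place of `v` fixes the serialization. The `img-src` entry `"https://cdn.discordapp.com/avatars/*"` also looks wrong, because CSP paths have no wildcard and it is the trailing-slash form `"https://cdn.discordapp.com/avatars/"` that gives prefix matching. Since `default-src` does not act as a fallback for them, consider adding `"frame-ancestors": ["'none'"]` (the CSP counterpart of the existing `X-Frame-Options: DENY`) and a `"base-uri"` entry. setHeaders begins above the hunk, so how `response` is built is not visible here.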