ember/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Sentry: Allow connections + report CSP violations

Browse source
This commit is contained in:
Jade Ellis 2024-08-26 20:46:14 +01:00
parent 69031a125f
commit e20840973e
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2
2 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
packages/website/csp.js
View file

@ -1,9 +1,12 @@
const rootDomain = process.env.VITE_DOMAIN; // or your server IP for dev
/**
* @type {import("@sveltejs/kit").CspDirectives}
*/
const cspDirectives = {
'base-uri': ["'self'"],
'child-src': ["'self'"],
'connect-src': ["'self'", "https://*.google-analytics.com"],
'child-src': ["'self'", "blob:"],
'connect-src': ["'self'", "https://*.google-analytics.com", "https://*.sentry.io"],
// 'connect-src': ["'self'", 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
'img-src': ["'self'", 'data:',
'https://*.googletagmanager.com'],
@ -49,12 +52,15 @@ const cspDirectives = {
// 'https://*.sentry.io',
// 'https://polyfill.io',
],
'worker-src': ["'self'"],
'worker-src': ["'self'", "blob:"],
// remove report-to & report-uri if you do not want to use Sentry reporting
// 'report-to': ["'csp-endpoint'"],
// 'report-uri': [
// `https://sentry.io/api/${process.env.VITE_SENTRY_PROJECT_ID}/security/?sentry_key=${process.env.VITE_SENTRY_KEY}`,
// ],
'report-to': ["'csp-endpoint'"],
'report-uri': [
'https://o4507835405369344.ingest.de.sentry.io/api/4507835410481232/security/?sentry_key=d006c73cc53783930a1521a68ae1c312',
],
};
// Report-To: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o4507835405369344.ingest.de.sentry.io/api/4507835410481232/security/?sentry_key=d006c73cc53783930a1521a68ae1c312"}],"include_subdomains":true}
export default cspDirectives;

1
packages/website/src/hooks.server.ts
View file

@ -19,6 +19,7 @@ const securityHeaders = {
'Cross-Origin-Opener-Policy': 'same-origin',
'Cross-Origin-Resource-Policy': 'same-origin',
'Report-To': '{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o4507835405369344.ingest.de.sentry.io/api/4507835410481232/security/?sentry_key=d006c73cc53783930a1521a68ae1c312"}],"include_subdomains":true}',
}
export const handle: Handle = sequence(Sentry.sentryHandle(), async ({ event, resolve }) => {