55 lines
No EOL
1.9 KiB
TypeScript
55 lines
No EOL
1.9 KiB
TypeScript
import { sequence } from '@sveltejs/kit/hooks';
|
|
import {init as initSentry, handleErrorWithSentry, sentryHandle} from '@sentry/sveltekit';
|
|
import type { Handle } from "@sveltejs/kit";
|
|
import { randomBytes } from 'crypto';
|
|
|
|
initSentry({
|
|
dsn: import.meta.env.SENTRY_DSN,
|
|
environment: import.meta.env.MODE,
|
|
tracesSampleRate: 1
|
|
})
|
|
|
|
const securityHeaders = {
|
|
'X-Content-Type-Options': 'nosniff',
|
|
'X-XSS-Protection': '0',
|
|
|
|
"Referrer-Policy": "no-referrer-when-downgrade",
|
|
|
|
"Permissions-Policy": "payment=(), geolocation=(self), fullscreen=(self)",
|
|
|
|
'Cross-Origin-Embedder-Policy': 'require-corp',
|
|
'Cross-Origin-Opener-Policy': 'same-origin',
|
|
'Cross-Origin-Resource-Policy': 'same-origin',
|
|
|
|
'Report-To': '{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"' + import.meta.env.SENTRY_REPORT_URL + '"}],"include_subdomains":true}',
|
|
}
|
|
|
|
export const handle: Handle = async (input) => {
|
|
const sentryNonce = randomBytes(16).toString('hex');
|
|
return await sequence(
|
|
sentryHandle({
|
|
// injectFetchProxyScript: false,
|
|
fetchProxyScriptNonce: sentryNonce,
|
|
}),
|
|
async ({ event, resolve }) => {
|
|
const response = await resolve(event);
|
|
let csp = response.headers.get("Content-Security-Policy");
|
|
if (csp) {
|
|
response.headers.set("Content-Security-Policy", csp.replace("script-src", "script-src 'nonce-" + sentryNonce + "'"));
|
|
}
|
|
|
|
Object.entries(securityHeaders).forEach(
|
|
([header, value]) => {
|
|
if (!response.headers.has(header)) {
|
|
response.headers.set(header, value)
|
|
}
|
|
}
|
|
);
|
|
|
|
response.headers.delete("x-sveltekit-page")
|
|
|
|
return response;
|
|
}
|
|
)(input)
|
|
}
|
|
export const handleError = handleErrorWithSentry(); |