ember/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
continuwuity/packages/website/csp.js
Jade Ellis 392f7c88c1
Add Sentry Relay
2024-09-03 02:09:16 +01:00

65 lines
No EOL
2.2 KiB
JavaScript
Raw Blame History

const rootDomain = process.env.VITE_DOMAIN; // or your server IP for dev
import { SENTRY_HOST } from './src/lib/config.js';
import { SENTRY_REPORT_URL } from './src/lib/config.js';
/**
* @type {import("@sveltejs/kit").CspDirectives}
*/
const cspDirectives = {
'base-uri': ["'self'"],
'child-src': ["'self'", "blob:"],
'connect-src': ["'self'", "https://*.google-analytics.com", "https://" + SENTRY_HOST],
// 'connect-src': ["'self'", 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
'img-src': ["'self'", 'data:',
'https://*.googletagmanager.com'],
'font-src': ["'self'", 'data:'],
'form-action': ["'self'"],
'frame-ancestors': ["'self'"],
'frame-src': [
"'self'",
// "https://*.stripe.com",
// "https://*.facebook.com",
// "https://*.facebook.net",
// 'https://hcaptcha.com',
// 'https://*.hcaptcha.com',
],
'manifest-src': ["'self'"],
'media-src': ["'self'", 'data:'],
'object-src': ["'none'"],
'style-src': ["'self'", "'unsafe-inline'"],
// 'style-src': ["'self'", "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
'default-src': [
'self',
...(rootDomain ? [rootDomain, `ws://${rootDomain}`] : []),
// 'https://*.google.com',
// 'https://*.googleapis.com',
// 'https://*.firebase.com',
// 'https://*.gstatic.com',
// 'https://*.cloudfunctions.net',
// 'https://*.algolia.net',
// 'https://*.facebook.com',
// 'https://*.facebook.net',
// 'https://*.stripe.com',
// 'https://*.sentry.io',
],
'script-src': [
'self',
'unsafe-inline', // chrome suggestion
'https://*.googletagmanager.com'
// 'https://*.stripe.com',
// 'https://*.facebook.com',
// 'https://*.facebook.net',
// 'https://hcaptcha.com',
// 'https://*.hcaptcha.com',
// 'https://*.sentry.io',
// 'https://polyfill.io',
],
'worker-src': ["'self'", "blob:"],
// remove report-to & report-uri if you do not want to use Sentry reporting
'report-to': ["'csp-endpoint'"],
'report-uri': [
SENTRY_REPORT_URL,
],
};
export default cspDirectives;
Reference in a new issue View git blame Copy permalink