From ca2d0e6745ea257443b50ab7a8efe5e119578aa0 Mon Sep 17 00:00:00 2001
From: Franz Unger
Date: Tue, 12 Nov 2024 13:52:31 +0100
Subject: [PATCH] Move to separate file
---
 site/src/middleware.ts | 43 +++++++-----------------------
 site/src/util/configureResponse.ts | 28 +++++++++++++++++++
 2 files changed, 38 insertions(+), 33 deletions(-)
 create mode 100644 site/src/util/configureResponse.ts
diff --git a/site/src/middleware.ts b/site/src/middleware.ts
index 3664eb836..790a3c6ff 100644
--- a/site/src/middleware.ts
+++ b/site/src/middleware.ts
@@ -4,6 +4,7 @@ import { NextResponse } from "next/server";
 import { GQLRedirectScope } from "./graphql.generated";
 import { createRedirects } from "./redirects/redirects";
+import { configureResponse } from "./util/configureResponse";
 import { getHostByHeaders, getSiteConfigForHost, getSiteConfigs } from "./util/siteConfig";
 export async function middleware(request: NextRequest) {
@@ -50,41 +51,17 @@ export async function middleware(request: NextRequest) {
 return NextResponse.rewrite(new URL(rewrite.destination, request.url));
 }
- const response = NextResponse.rewrite(
- new URL(
- `/${siteConfig.scope.domain}${request.nextUrl.pathname}${
- request.nextUrl.searchParams.toString().length > 0 ? `?${request.nextUrl.searchParams.toString()}` : ""
- }`,
- request.url,
+ return configureResponse(
+ NextResponse.rewrite(
+ new URL(
+ `/${siteConfig.scope.domain}${request.nextUrl.pathname}${
+ request.nextUrl.searchParams.toString().length > 0 ? `?${request.nextUrl.searchParams.toString()}` : ""
+ }`,
+ request.url,
+ ),
+ { request: { headers } },
 ),
- { request: { headers } },
 );
-
- response.headers.set(
- "Content-Security-Policy",
- `
- default-src 'self';
- form-action 'self';
- object-src 'none';
- img-src 'self' https: data:${process.env.NODE_ENV === "development" ? " http:" : ""};
- media-src 'self' https: data:${process.env.NODE_ENV === "development" ? " http:" : ""};
- style-src 'self' 'unsafe-inline';
- font-src 'self' https: data:;
- script-src 'self' 'unsafe-inline' https:${process.env.NODE_ENV === "development" ? " 'unsafe-eval'" : ""};
- connect-src 'self' https:${process.env.NODE_ENV === "development" ? " http:" : ""};
- frame-ancestors ${process.env.ADMIN_URL};
- upgrade-insecure-requests;
- block-all-mixed-content;
- frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com;
- `
- .replace(/\s{2,}/g, " ")
- .trim(),
- );
- if (process.env.ADMIN_URL) {
- response.headers.set("Access-Control-Allow-Origin", process.env.ADMIN_URL);
- }
-
- return response;
 }
 type RewritesMap = Map;
diff --git a/site/src/util/configureResponse.ts b/site/src/util/configureResponse.ts
new file mode 100644
index 000000000..3ffe02b37
--- /dev/null
+++ b/site/src/util/configureResponse.ts
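Review bot: The early `return NextResponse.rewrite(new URL(rewrite.destination, request.url));` at the top of the hunk still returns a rewrite without passing it through configureResponse, so that response carries no Content-Security-Policy while the new return below does; wrapping it as `return configureResponse(NextResponse.rewrite(new URL(rewrite.destination, request.url)));` keeps the policy consistent across response paths. This gap existed before the change too, but now that the header logic lives in one helper it is cheap to close. middleware starts outside the hunk, and its earlier return paths presumably need the same treatment.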
@@ -0,0 +1,28 @@
+import { NextResponse } from "next/server";
+
+export function configureResponse(response: NextResponse) {
+ response.headers.set(
+ "Content-Security-Policy1",
+ `
+ default-src 'self';
+ form-action 'self';
+ object-src 'none';
+ img-src 'self' https: data:${process.env.NODE_ENV === "development" ? " http:" : ""};
+ media-src 'self' https: data:${process.env.NODE_ENV === "development" ? " http:" : ""};
+ style-src 'self' 'unsafe-inline';
+ font-src 'self' https: data:;
+ script-src 'self' 'unsafe-inline' https:${process.env.NODE_ENV === "development" ? " 'unsafe-eval'" : ""};
+ connect-src 'self' https:${process.env.NODE_ENV === "development" ? " http:" : ""};
+ frame-ancestors ${process.env.ADMIN_URL ?? "none"};
+ upgrade-insecure-requests;
+ block-all-mixed-content;
+ frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com;
+ `
+ .replace(/\s{2,}/g, " ")
+ .trim(),
+ );
+ if (process.env.ADMIN_URL) {
+ response.headers.set("Access-Control-Allow-Origin", process.env.ADMIN_URL);
+ }
+ return response;
+}
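Review bot: The header name passed to response.headers.set at the top of configureResponse is `"Content-Security-Policy1"`, which no browser recognises, so the entire policy assembled below it is silently never enforced — the code removed from middleware.ts used the correct name, so this move is a regression; change it to `"Content-Security-Policy"`. The fallback in `frame-ancestors ${process.env.ADMIN_URL ?? "none"};` should be the quoted keyword `'none'`; unquoted `none` is parsed as a host-source rather than the keyword. An explicit return type, `export function configureResponse(response: NextResponse): NextResponse {`, would document the pass-through contract. A unit test asserting that `response.headers.get("Content-Security-Policy")` is non-null after the call would have caught the typo and guards against it recurring.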