web: update & move csp to svelte.config.js

ough
2024-09-18 20:11:47 +06:00
parent 52599dd900
commit 026cb634ec
4 changed files with 42 additions and 26 deletions
--- a/web/src/routes/_headers/+server.ts
+++ b/web/src/routes/_headers/+server.ts
@@ -1,29 +1,8 @@
-import env from "$lib/env";
-
-const allowedScriptOrigins = [
-    "'self'",
-    "challenges.cloudflare.com",
-    env.PLAUSIBLE_HOST ? env.PLAUSIBLE_HOST : ""
-]
-
 export async function GET() {
-    const CSP = {
-        "connect-src": ["*"],
-        "default-src": ["'self'"],
-
-        "script-src": allowedScriptOrigins,
-        "script-src-attr": allowedScriptOrigins,
-        "frame-src": ["challenges.cloudflare.com"],
-    }
-
    const _headers = {
        "/*": {
            "Cross-Origin-Opener-Policy": "same-origin",
            "Cross-Origin-Embedder-Policy": "require-corp",
-            "Content-Security-Policy":
-                Object.entries(CSP).map(
-                    ([directive, values]) => `${directive} ${values.join(' ')}`
-                ).flat().join("; "),
        }
    }