Use script-elem tag
jmrossy committed Dec 26, 2023
1 parent 59942fe commit 148ed54
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions src/middleware.ts
Expand Up @@ -17,14 +17,15 @@ const IMG_SRC_HOSTS = ['https://raw.githubusercontent.com', 'https://*.walletcon

export function middleware(request: NextRequest) {
const isDev = process.env.NODE_ENV === 'development';
const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
// const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
// const nonceRule = `'nonce-${nonce}'`;
// Note, causes a problem for firefox: https://github.com/MetaMask/metamask-extension/issues/3133
const cspHeader = `
default-src 'self';
script-src 'self' 'unsafe-inline'${isDev ? " 'unsafe-eval'" : ''};
script-src 'self'${isDev ? " 'unsafe-eval'" : ''};
script-src-elem 'self' 'unsafe-inline';
style-src 'self' 'unsafe-inline';
connect-src 'self' ${CONNECT_SRC_HOSTS.join(' ')};
style-src 'self'${isDev ? " 'unsafe-inline'" : ''};
img-src 'self' blob: data: ${IMG_SRC_HOSTS.join(' ')};
font-src 'self' data:;
object-src 'none';
Expand All @@ -39,7 +40,7 @@ export function middleware(request: NextRequest) {
const contentSecurityPolicyHeaderValue = cspHeader.replace(/\s{2,}/g, ' ').trim();

const requestHeaders = new Headers(request.headers);
requestHeaders.set('x-nonce', nonce);
// requestHeaders.set('x-nonce', nonce);
requestHeaders.set('Content-Security-Policy', contentSecurityPolicyHeaderValue);

const response = NextResponse.next({
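Review bot: The `script-src-elem 'self' 'unsafe-inline';` line (taken as the new side from the commit title, since the page has lost its +/- markers) still lets any inline `<script>` element run, so dropping `'unsafe-inline'` from `script-src` only tightens what falls back to it, such as inline event-handler attributes and the `eval` family. With the nonce lines commented out there is no per-request allow-listing of script elements, so this policy does not restrict an inline `<script>` block that reaches the page through markup injection. I would record that next to the Firefox note, e.g. `// TODO: script-src-elem keeps 'unsafe-inline' only until the nonce can be restored; inline <script> elements are not restricted by this policy`, and either delete the commented-out nonce code or track its return in an issue. Browsers without `script-src-elem` support fall back to `script-src 'self'` and would presumably block the inline scripts this line is meant to allow, which is worth testing. The body of `middleware` continues outside both hunks.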