Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
Code Issues Projects Releases Wiki Activity
9943179393
unleash.unleash/src/lib/middleware/secure-headers.ts
Jaanus Sellin f9686a3a33
feat: add plausible as connect src (#3619)
2023-04-25 14:24:54 +03:00

69 lines
2.5 KiB
TypeScript
Raw Blame History

import helmet from 'helmet';
import { RequestHandler } from 'express';
import { IUnleashConfig } from '../types';
import { hoursToSeconds } from 'date-fns';
const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
if (config.secureHeaders) {
return helmet({
hsts: {
maxAge: hoursToSeconds(24 * 365 * 2), // 2 non-leap years
includeSubDomains: true,
preload: true,
},
contentSecurityPolicy: {
directives: {
defaultSrc: [
"'self'",
'cdn.getunleash.io',
'gravatar.com',
...config.additionalCspAllowedDomains.defaultSrc,
],
fontSrc: [
"'self'",
'cdn.getunleash.io',
'fonts.googleapis.com',
'fonts.gstatic.com',
...config.additionalCspAllowedDomains.fontSrc,
],
styleSrc: [
"'self'",
"'unsafe-inline'",
'cdn.getunleash.io',
'fonts.googleapis.com',
'fonts.gstatic.com',
'data:',
...config.additionalCspAllowedDomains.styleSrc,
],
scriptSrc: [
"'self'",
'cdn.getunleash.io',
...config.additionalCspAllowedDomains.scriptSrc,
],
imgSrc: [
"'self'",
'data:',
'cdn.getunleash.io',
'gravatar.com',
...config.additionalCspAllowedDomains.imgSrc,
],
connectSrc: [
"'self'",
'cdn.getunleash.io',
'plausible.getunleash.io',
'gravatar.com',
'europe-west3-metrics-304612.cloudfunctions.net',
...config.additionalCspAllowedDomains.connectSrc,
],
},
},
crossOriginEmbedderPolicy: false,
});
}
return (req, res, next) => {
next();
};
};
export default secureHeaders;
Reference in New Issue View Git Blame Copy Permalink