David Ross randomdross
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| request.headers.set('x-random-csp-nonce', randomNonce) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CSPNonce: validateCSPNonce(req.Header.Get("x-random-csp-nonce")) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| func validateCSPNonce(cspNonce string) string { | |
| if m, _ := regexp.MatchString("^[a-zA-Z0-9]{20}$", cspNonce); !m { | |
| return "" | |
| } | |
| return cspNonce | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addEventListener('fetch', event => { | |
| event.respondWith(handleRequest(event.request)) | |
| }) | |
| /** | |
| * Fetch a request and return the response, with CSP applied | |
| * @param {Request} request | |
| */ | |
| async function handleRequest(request) { | |
| randomNonce = generateNonce(20) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| func validateCSPNonce(cspNonce string) string { | |
| if m, _ := regexp.MatchString("^[a-zA-Z0-9]{20}$", cspNonce); !m { | |
| return "" | |
| } | |
| return cspNonce | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CSPNonce: validateCSPNonce(req.Header.Get("x-random-csp-nonce")) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addEventListener('fetch', event => { | |
| event.respondWith(handleRequest(event.request)) | |
| }) | |
| /** | |
| * Fetch a request and return the response, with CSP applied | |
| * @param {Request} request | |
| */ | |
| async function handleRequest(request) { | |
| randomNonce = generateNonce(20) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| request.headers.set('x-random-csp-nonce', randomNonce) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| object-src 'none'; script-src 'nonce-[random nonce]' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am randomdross on github. | |
| * I am dross (https://keybase.io/dross) on keybase. | |
| * I have a public key whose fingerprint is 248D 07E5 5F4B ED0B 5C90 6774 9683 9400 595D F27E | |
| To claim this, I am signing this object: |