request.headers.set('x-random-csp-nonce', randomNonce)
CSPNonce: validateCSPNonce(req.Header.Get("x-random-csp-nonce"))
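import "regexp"

// cspNonceRe matches exactly 20 ASCII alphanumeric characters; compiled once at startup.
var cspNonceRe = regexp.MustCompile(`^[a-zA-Z0-9]{20}$`)

// validateCSPNonce returns cspNonce unchanged when it matches the expected
// format, and "" otherwise, so a malformed header value never reaches the page.
func validateCSPNonce(cspNonce string) string {
	if !cspNonceRe.MatchString(cspNonce) {
		return ""
	}
	return cspNonce
}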
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})
/**
 * Fetch a request and return the response, with CSP applied
 * @param {Request} request
 */
async function handleRequest(request) {
  // Declared with const so the nonce stays local to this request
  // instead of becoming an implicit global shared between requests.
  const randomNonce = generateNonce(20)
object-src 'none'; script-src 'nonce-[random nonce]' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none';
### Keybase proof
I hereby claim:
* I am randomdross on github.
* I am dross (https://keybase.io/dross) on keybase.
* I have a public key whose fingerprint is 248D 07E5 5F4B ED0B 5C90 6774 9683 9400 595D F27E
To claim this, I am signing this object: