Главная Обзор Помощь
Регистрация Вход
shenzhen
/
tjdify
Следить 2
В избранное 0
Ответвить 0
Файлы Обсуждения 0 Запросы на слияние 0 Вики
Дерево: 71fa14f791
Ветки Метки
tjdify
/
web
/
middleware.ts

middleware.ts 2.4 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. import type { NextRequest } from 'next/server'
    2. 

  2. import { NextResponse } from 'next/server'
    3. 

  3. 

  4. const NECESSARY_DOMAIN = '*.sentry.io http://localhost:* http://127.0.0.1:* https://analytics.google.com googletagmanager.com *.googletagmanager.com https://www.google-analytics.com https://api.github.com'
    5. 

  5. 

  6. export function middleware(request: NextRequest) {
    7. 

  7.   const isWhiteListEnabled = !!process.env.NEXT_PUBLIC_CSP_WHITELIST && process.env.NODE_ENV === 'production'
    8. 

  8.   if (!isWhiteListEnabled)
    9. 

  9.     return NextResponse.next()
    10. 

  10. 

  11.   const whiteList = `${process.env.NEXT_PUBLIC_CSP_WHITELIST} ${NECESSARY_DOMAIN}`
    12. 

  12.   const nonce = Buffer.from(crypto.randomUUID()).toString('base64')
    13. 

  13.   const csp = `'nonce-${nonce}'`
    14. 

  14. 

  15.   const scheme_source = 'data: mediastream: blob: filesystem:'
    16. 

  16. 

  17.   const cspHeader = `
    18. 

  18.     default-src 'self' ${scheme_source} ${csp} ${whiteList};
    19. 

  19.     connect-src 'self' ${scheme_source} ${csp} ${whiteList};
    20. 

  20.     script-src 'self' ${scheme_source} ${csp} ${whiteList};
    21. 

  21.     style-src 'self' 'unsafe-inline' ${scheme_source} ${whiteList};
    22. 

  22.     worker-src 'self' ${scheme_source} ${csp} ${whiteList};
    23. 

  23.     media-src 'self' ${scheme_source} ${csp} ${whiteList};
    24. 

  24.     img-src 'self' ${scheme_source} ${csp} ${whiteList};
    25. 

  25.     font-src 'self';
    26. 

  26.     object-src 'none';
    27. 

  27.     base-uri 'self';
    28. 

  28.     form-action 'self';
    29. 

  29.     upgrade-insecure-requests;
    30. 

  30. `
    31. 

  31.   // Replace newline characters and spaces
    32. 

  32.   const contentSecurityPolicyHeaderValue = cspHeader
    33. 

  33.     .replace(/\s{2,}/g, ' ')
    34. 

  34.     .trim()
    35. 

  35. 

  36.   const requestHeaders = new Headers(request.headers)
    37. 

  37.   requestHeaders.set('x-nonce', nonce)
    38. 

  38. 

  39.   requestHeaders.set(
    40. 

  40.     'Content-Security-Policy',
    41. 

  41.     contentSecurityPolicyHeaderValue,
    42. 

  42.   )
    43. 

  43. 

  44.   const response = NextResponse.next({
    45. 

  45.     request: {
    46. 

  46.       headers: requestHeaders,
    47. 

  47.     },
    48. 

  48.   })
    49. 

  49.   response.headers.set(
    50. 

  50.     'Content-Security-Policy',
    51. 

  51.     contentSecurityPolicyHeaderValue,
    52. 

  52.   )
    53. 

  53. 

  54.   return response
    55. 

  55. }
    56. 

  56. 

  57. export const config = {
    58. 

  58.   matcher: [
    59. 

  59.     /*
    60. 

  60.      * Match all request paths except for the ones starting with:
    61. 

  61.      * - api (API routes)
    62. 

  62.      * - _next/static (static files)
    63. 

  63.      * - _next/image (image optimization files)
    64. 

  64.      * - favicon.ico (favicon file)
    65. 

  65.      */
    66. 

  66.     {
    67. 

  67.       // source: '/((?!api|_next/static|_next/image|favicon.ico).*)',
    68. 

  68.       source: '/((?!_next/static|_next/image|favicon.ico).*)',
    69. 

  69.       // source: '/(.*)',
    70. 

  70.       // missing: [
    71. 

  71.       //   { type: 'header', key: 'next-router-prefetch' },
    72. 

  72.       //   { type: 'header', key: 'purpose', value: 'prefetch' },
    73. 

  73.       // ],
    74. 

  74.     },
    75. 

  75.   ],
    76. 

  76. }
    77. 

  77.