Home Explore Help
Sign In
jexelmans
/
drawio
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ede772cf4c
Branches Tags
drawio
/
etc
/
header-conf
/
header.js

header.js 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041 
  1. // https://scotthelme.co.uk/security-headers-cloudflare-worker/
    2. 

  2. 

  3. let securityHeaders =
    4. 

  4. {
    5. 

  5. 	"Content-Security-Policy" : "default-src 'self'; script-src https://aui-cdn.atlassian.com https://connect-cdn.atl-paas.net https://ajax.googleapis.com 'self' https://storage.googleapis.com https://apis.google.com https://*.pusher.com https://code.jquery.com https://www.dropbox.com https://api.trello.com 'sha256-JqdgAC+ydIDMtmQclZEqgbw94J4IeABIfXAxwEJGDJs=' 'sha256-4Dg3/NrB8tLC7TUSCbrtUDWD/J6bSLka01GHn+qtNZ0='; connect-src 'self' https://*.draw.io https://*.diagrams.net https://*.googleapis.com wss://*.pusher.com https://*.pusher.com https://api.github.com https://raw.githubusercontent.com https://gitlab.com https://graph.microsoft.com https://*.sharepoint.com https://*.1drv.com https://*.dropboxapi.com https://api.trello.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; media-src * data:; font-src * about:; frame-src https://www.lucidchart.com https://app.lucidchart.com 'self' https://www.draw.io https://*.google.com; style-src https://aui-cdn.atlassian.com https://*.atlassian.net 'self' 'unsafe-inline' https://fonts.googleapis.com;",
    6. 

  6. 	"X-XSS-Protection" : "1; mode=block",
    7. 

  7. 	"Feature-Policy" : "accelerometer 'none'; ambient-light-sensor 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; wake-lock 'none'; xr-spatial-tracking 'none';"
    8. 

  8. }
    9. 

  9. 

  10. addEventListener('fetch', event =>
    11. 

  11. {
    12. 

  12. 	event.respondWith(addHeaders(event.request))
    13. 

  13. })
    14. 

  14. 

  15. async function addHeaders(req)
    16. 

  16. {
    17. 

  17. 	let response = await fetch(req)
    18. 

  18. 	let newHdrs = new Headers(response.headers)
    19. 

  19. 

  20. 	if (newHdrs.has("Content-Type") && !newHdrs.get("Content-Type").includes("text/html"))
    21. 

  21. 	{
    22. 

  22.         return new Response(response.body ,
    23. 

  23.         {
    24. 

  24.             status: response.status,
    25. 

  25.             statusText: response.statusText,
    26. 

  26.             headers: newHdrs
    27. 

  27.         })
    28. 

  28. 	}
    29. 

  29. 

  30. 	Object.keys(securityHeaders).map(function(name, index)
    31. 

  31. 	{
    32. 

  32. 		newHdrs.set(name, securityHeaders[name]);
    33. 

  33. 	})
    34. 

  34. 

  35. 	return new Response(response.body ,
    36. 

  36. 	{
    37. 

  37. 		status: response.status,
    38. 

  38. 		statusText: response.statusText,
    39. 

  39. 		headers: newHdrs
    40. 

  40. 	})
    41. 

  41. }
    42.