CalvinBackup/Shadowbroker
1
0
Fork 0
mirror of https://github.com/BigBodyCobain/Shadowbroker.git synced 2026-05-13 03:54:45 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ce9ba39cd2447d14bdf6b0e50b4a32573cc231c1
Shadowbroker/frontend/src/middleware.ts
T
BigBodyCobain ce9ba39cd2 Fix production CSP hydration
2026-05-03 13:59:07 -06:00

63 lines
2.0 KiB
TypeScript
Raw Blame History

/**
* Phase 5F-A: CSP nonce plumbing middleware.
*
* Generates a per-request cryptographic nonce and emits a dynamic
* Content-Security-Policy header for document (page) responses.
* API routes, static assets, and image optimization paths are excluded.
*/
import { NextRequest, NextResponse } from 'next/server';
function buildCsp(nonce: string): string {
const isDev = process.env.NODE_ENV !== 'production';
const directives = [
"default-src 'self'",
isDev
? `script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-${nonce}' blob:`
: `script-src 'self' 'unsafe-inline' 'nonce-${nonce}' blob:`,
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
"img-src 'self' data: blob: https:",
isDev
? "connect-src 'self' ws: wss: http://127.0.0.1:8000 http://127.0.0.1:8787 https:"
: "connect-src 'self' ws: wss: https:",
"font-src 'self' data: https://fonts.gstatic.com",
"object-src 'none'",
"worker-src 'self' blob:",
"child-src 'self' blob:",
"frame-src 'self' https://video.ibm.com https://ustream.tv https://www.ustream.tv",
"frame-ancestors 'none'",
"base-uri 'self'",
"form-action 'self'",
];
return directives.join('; ');
}
export function middleware(request: NextRequest) {
const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
// Forward nonce to server components via request header.
const requestHeaders = new Headers(request.headers);
requestHeaders.set('x-nonce', nonce);
const response = NextResponse.next({
request: { headers: requestHeaders },
});
response.headers.set('Content-Security-Policy', buildCsp(nonce));
return response;
}
export const config = {
matcher: [
/*
* Match all document/page paths. Exclude:
* - /api/* (API routes — handled by route handlers)
* - /_next/static/* (static assets)
* - /_next/image/* (image optimization)
* - /favicon.ico (browser icon)
*/
'/((?!api|_next/static|_next/image|favicon.ico).*)',
],
};
Reference in New Issue View Git Blame Copy Permalink