Merge pull request #273 from ente-io/web-security-clean
harden web security
commit
1d0aa42630
|
@ -11,18 +11,6 @@ const gitSha = cp.execSync('git rev-parse --short HEAD', {
|
||||||
encoding: 'utf8',
|
encoding: 'utf8',
|
||||||
});
|
});
|
||||||
|
|
||||||
// eslint-disable-next-line camelcase
|
|
||||||
const COOP_COEP_Headers = [
|
|
||||||
{
|
|
||||||
key: 'Cross-Origin-Opener-Policy',
|
|
||||||
value: 'same-origin',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
key: 'Cross-Origin-Embedder-Policy',
|
|
||||||
value: 'require-corp',
|
|
||||||
},
|
|
||||||
];
|
|
||||||
|
|
||||||
module.exports = withSentryConfig(
|
module.exports = withSentryConfig(
|
||||||
withWorkbox(
|
withWorkbox(
|
||||||
withBundleAnalyzer({
|
withBundleAnalyzer({
|
||||||
|
@ -33,17 +21,6 @@ module.exports = withSentryConfig(
|
||||||
swSrc: 'src/serviceWorker.js',
|
swSrc: 'src/serviceWorker.js',
|
||||||
exclude: [/manifest\.json$/i],
|
exclude: [/manifest\.json$/i],
|
||||||
},
|
},
|
||||||
|
|
||||||
// added to enabled shared Array buffer - https://web.dev/coop-coep/
|
|
||||||
headers() {
|
|
||||||
return [
|
|
||||||
{
|
|
||||||
// Apply these headers to all routes in your application....
|
|
||||||
source: '/(.*)',
|
|
||||||
headers: COOP_COEP_Headers,
|
|
||||||
},
|
|
||||||
];
|
|
||||||
},
|
|
||||||
// https://dev.to/marcinwosinek/how-to-add-resolve-fallback-to-webpack-5-in-nextjs-10-i6j
|
// https://dev.to/marcinwosinek/how-to-add-resolve-fallback-to-webpack-5-in-nextjs-10-i6j
|
||||||
webpack: (config, { isServer }) => {
|
webpack: (config, { isServer }) => {
|
||||||
if (!isServer) {
|
if (!isServer) {
|
||||||
|
|
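--- a/public/_headers
+++ b/public/_headers
@@ -0,0 +1,12 @@
+/*
+Cache-Control: no-store, must-revalidate
+Cross-Origin-Embedder-Policy: require-corp
+Cross-Origin-Opener-Policy: same-origin
+Strict-Transport-Security: max-age=63072000
+X-Content-Type-Options: nosniff
+X-Download-Options: noopen
+X-Frame-Options: deny
+X-XSS-Protection: 1; mode=block
+Referrer-Policy: same-origin
+Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-eval' blob:; connect-src 'self' https://*.ente.io data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com ; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; report-uri https://csp-reporter.ente.io; report-to https://csp-reporter.ente.io;
+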
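Review bot: The `report-to https://csp-reporter.ente.io` directive at the end of the Content-Security-Policy-Report-Only line will not deliver reports, because `report-to` takes the name of an endpoint group declared in a separate header rather than a URL, so only the legacy `report-uri` is doing the work. Declare the group and reference it by name, e.g. `Reporting-Endpoints: csp-endpoint="https://csp-reporter.ente.io"` together with `report-to csp-endpoint;`. `X-XSS-Protection: 1; mode=block` is deprecated in current browsers and is normally set to `0` or dropped once a CSP is in place. Because the same commit removes the `headers()` block from the build config, COOP/COEP and the other headers now presumably depend on the hosting platform honouring `public/_headers`, so a dev server or other host may serve the app without them.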
@ -11,7 +11,7 @@ export const getFileUrl = (id: number) => {
|
||||||
'https://api.ente.io'
|
'https://api.ente.io'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
return `https://files.ente.workers.dev/?fileID=${id}`;
|
return `https://files.ente.io/?fileID=${id}`;
|
||||||
};
|
};
|
||||||
|
|
||||||
export const getThumbnailUrl = (id: number) => {
|
export const getThumbnailUrl = (id: number) => {
|
||||||
|
@ -21,11 +21,11 @@ export const getThumbnailUrl = (id: number) => {
|
||||||
'https://api.ente.io'
|
'https://api.ente.io'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
return `https://thumbnails.ente.workers.dev/?fileID=${id}`;
|
return `https://thumbnails.ente.io/?fileID=${id}`;
|
||||||
};
|
};
|
||||||
|
|
||||||
export const getSentryTunnelUrl = () => {
|
export const getSentryTunnelUrl = () => {
|
||||||
return `https://sentry-reporter.ente.workers.dev`;
|
return `https://sentry-reporter.ente.io`;
|
||||||
};
|
};
|
||||||
|
|
||||||
export const getPaymentsUrl = () => {
|
export const getPaymentsUrl = () => {
|
||||||
|
|
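Review bot: The hosts on the new side (`files.ente.io`, `thumbnails.ente.io`, `sentry-reporter.ente.io`) are now coupled to the `connect-src 'self' https://*.ente.io` allow-list added in `public/_headers` by this same commit, and nothing in the code records that dependency. A short comment above `getFileUrl`, such as `// Hosts returned here must stay inside connect-src in public/_headers, or CSP will report (and later block) the request`, would keep the two in step when an endpoint moves again. Each function begins above the visible hunk, so the branch that returns the `https://api.ente.io` fallback is only partly shown here.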