jake/jarv.is
1
Fork 0
mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-10-30 00:55:49 -04:00
Code Issues Activity

secure cookies for matomo

Browse Source
This commit is contained in:
Jake Jarvis
2019-03-10 09:46:59 -04:00
parent 4c3cb8f03c
commit 09ebf60b78
2 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
layouts/partials/footer.html
View File

@@ -1,6 +1,7 @@
<script>
var _paq = _paq || [];
_paq.push(['setRequestMethod', 'POST']);
_paq.push(['setSecureCookie', true]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
_paq.push(['enableHeartBeatTimer']);

52
worker.js Normal file
View File

@@ -0,0 +1,52 @@
let securityHeaders = {
"Content-Security-Policy": "default-src 'none'; script-src 'self' stats.jarv.is 'sha256-QwZM+dNl2R1KcXo8ORmpT3mqAVwIBbEcJBmWYurBNv4='; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; object-src 'self'; media-src 'self'; base-uri 'none'; form-action 'self'; frame-src 'self'; frame-ancestors 'self'; worker-src 'none'; connect-src 'self' jarvis.report-uri.com stats.jarv.is; upgrade-insecure-requests; report-uri https://jarvis.report-uri.com/r/d/csp/enforce; report-to default",
"Report-To": "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://jarvis.report-uri.com/a/d/g\"}]}",
"NEL": "{\"report_to\":\"default\",\"max_age\":604800}",
// "Strict-Transport-Security" : "max-age=1000",
"X-Xss-Protection": "1; mode=block; report=https://jarvis.report-uri.com/r/d/xss/enforce",
"X-Frame-Options": "SAMEORIGIN",
"X-Content-Type-Options": "nosniff",
"Referrer-Policy": "same-origin",
"X-DNS-Prefetch-Control": "off",
"X-UA-Compatible": "IE=edge",
"X-Permitted-Cross-Domain-Policies": "none",
"Feature-Policy": "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; sync-xhr 'none'; payment 'none'; usb 'none'; vr 'none'"
}
let removeHeaders = [
"Last-Modified",
"Expires",
"Public-Key-Pins",
"X-Powered-By",
"x-amz-request-id",
"x-amz-id-2",
"x-amz-bucket",
"x-amz-bucket-region",
"x-amz-error-code",
"x-amz-error-message",
"x-amz-error-detail-key",
"x-amz-version-id"
]
addEventListener('fetch', event => {
event.respondWith(addHeaders(event.request))
})
async function addHeaders(req) {
let response = await fetch(req)
let newHeaders = new Headers(response.headers)
Object.keys(securityHeaders).map(function(name, index) {
newHeaders.set(name, securityHeaders[name]);
})
removeHeaders.forEach(function(name){
newHeaders.delete(name)
})
return new Response(response.body , {
status: response.status,
statusText: response.statusText,
headers: newHeaders
})
}