add some basic HTTP security headers
This commit is contained in:
+5
-2
@@ -1,6 +1,9 @@
|
||||
node_modules/
|
||||
worker/
|
||||
dist/
|
||||
|
||||
node_modules/
|
||||
package-lock.json
|
||||
|
||||
# don't accidentally commit OS images (again...)
|
||||
*.img
|
||||
*.raw
|
||||
*.qcow2
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
package-lock=false
|
||||
+22
-11
@@ -1,4 +1,4 @@
|
||||
import { getAssetFromKV, mapRequestToAsset } from '@cloudflare/kv-asset-handler'
|
||||
import { getAssetFromKV } from '@cloudflare/kv-asset-handler'
|
||||
|
||||
/**
|
||||
* The DEBUG flag will do two things that help during development:
|
||||
@@ -25,21 +25,32 @@ addEventListener('fetch', event => {
|
||||
})
|
||||
|
||||
async function handleEvent(event) {
|
||||
const url = new URL(event.request.url)
|
||||
let options = {
|
||||
cacheControl: {
|
||||
edgeTTL: 60 * 60 * 1, // 1 hour
|
||||
browserTTL: 60 * 60 * 1, // 1 hour
|
||||
bypassCache: false,
|
||||
browserTTL: 3600,
|
||||
}
|
||||
}
|
||||
|
||||
let headers = {
|
||||
'X-XSS-Protection': '1; mode=block',
|
||||
'X-Frame-Options': 'DENY',
|
||||
'X-Content-Type-Options': 'nosniff',
|
||||
'x-y2k-backend': 'v5',
|
||||
'x-y2k-debug': DEBUG,
|
||||
}
|
||||
|
||||
try {
|
||||
if (DEBUG) {
|
||||
// customize caching
|
||||
options.cacheControl.bypassCache = true
|
||||
}
|
||||
return await getAssetFromKV(event, options)
|
||||
if (DEBUG) options.cacheControl.bypassCache = true
|
||||
|
||||
// asset was found, the good stuff goes here
|
||||
let asset = await getAssetFromKV(event, options)
|
||||
|
||||
// set various security headers above
|
||||
Object.keys(headers).forEach((name) => {
|
||||
asset.headers.set(name, headers[name])
|
||||
})
|
||||
|
||||
return asset
|
||||
} catch (e) {
|
||||
// if an error is thrown try to serve the asset at 404.html
|
||||
if (!DEBUG) {
|
||||
@@ -52,6 +63,6 @@ async function handleEvent(event) {
|
||||
} catch (e) {}
|
||||
}
|
||||
|
||||
return new Response(e.message || e.toString(), { status: 500 })
|
||||
return new Response(e.message || e.toString(), { headers, status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"private": true,
|
||||
"name": "worker",
|
||||
"name": "y2k-static",
|
||||
"version": "1.0.0",
|
||||
"description": "A template for kick starting a Cloudflare Workers project",
|
||||
"main": "index.js",
|
||||
"author": "Ashley Lewis <ashleymichal@gmail.com>",
|
||||
"homepage": "https://y2k.lol/",
|
||||
"author": "Jake Jarvis <jake@jarv.is>",
|
||||
"license": "MIT",
|
||||
"main": "index.js",
|
||||
"dependencies": {
|
||||
"@cloudflare/kv-asset-handler": "^0.0.5"
|
||||
"@cloudflare/kv-asset-handler": "*"
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user