add some basic HTTP security headers

This commit is contained in:
2020-05-31 15:22:58 -04:00
parent 480b6cec62
commit f5225f5918
4 changed files with 33 additions and 18 deletions
+5 -2
View File
@@ -1,6 +1,9 @@
node_modules/
worker/
dist/
node_modules/
package-lock.json
# don't accidentally commit OS images (again...)
*.img
*.raw
*.qcow2
+1
View File
@@ -0,0 +1 @@
package-lock=false
+22 -11
View File
@@ -1,4 +1,4 @@
import { getAssetFromKV, mapRequestToAsset } from '@cloudflare/kv-asset-handler'
import { getAssetFromKV } from '@cloudflare/kv-asset-handler'
/**
* The DEBUG flag will do two things that help during development:
@@ -25,21 +25,32 @@ addEventListener('fetch', event => {
})
async function handleEvent(event) {
const url = new URL(event.request.url)
let options = {
cacheControl: {
edgeTTL: 60 * 60 * 1, // 1 hour
browserTTL: 60 * 60 * 1, // 1 hour
bypassCache: false,
browserTTL: 3600,
}
}
try {
if (DEBUG) {
// customize caching
options.cacheControl.bypassCache = true
let headers = {
'X-XSS-Protection': '1; mode=block',
'X-Frame-Options': 'DENY',
'X-Content-Type-Options': 'nosniff',
'x-y2k-backend': 'v5',
'x-y2k-debug': DEBUG,
}
return await getAssetFromKV(event, options)
try {
if (DEBUG) options.cacheControl.bypassCache = true
// asset was found, the good stuff goes here
let asset = await getAssetFromKV(event, options)
// set various security headers above
Object.keys(headers).forEach((name) => {
asset.headers.set(name, headers[name])
})
return asset
} catch (e) {
// if an error is thrown try to serve the asset at 404.html
if (!DEBUG) {
@@ -52,6 +63,6 @@ async function handleEvent(event) {
} catch (e) {}
}
return new Response(e.message || e.toString(), { status: 500 })
return new Response(e.message || e.toString(), { headers, status: 500 })
}
}
+5 -5
View File
@@ -1,12 +1,12 @@
{
"private": true,
"name": "worker",
"name": "y2k-static",
"version": "1.0.0",
"description": "A template for kick starting a Cloudflare Workers project",
"main": "index.js",
"author": "Ashley Lewis <ashleymichal@gmail.com>",
"homepage": "https://y2k.lol/",
"author": "Jake Jarvis <jake@jarv.is>",
"license": "MIT",
"main": "index.js",
"dependencies": {
"@cloudflare/kv-asset-handler": "^0.0.5"
"@cloudflare/kv-asset-handler": "*"
}
}