forked from themesberg/flowbite-astro-admin-dashboard
-
Notifications
You must be signed in to change notification settings - Fork 0
/
astro.config.mjs
76 lines (59 loc) · 2.66 KB
/
astro.config.mjs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
// astro.config.mjs
import { defineConfig } from 'astro/config';
import sitemap from '@astrojs/sitemap';
import tailwind from '@astrojs/tailwind';
import vercel from "@astrojs/vercel/serverless";
import crypto from 'crypto';
const DEV_PORT = 4321;
// Function to calculate the hash of inline scripts
const calculateInlineScriptHash = (scriptContent) =>
crypto.createHash('sha256').update(scriptContent).digest('base64');
// Function to generate a nonce value
const generateNonce = () => crypto.randomBytes(16).toString('base64');
// https://astro.build/config
export default defineConfig({
site: process.env.CI
? 'https://ufox.vercel.app' // Replace with your Vercel deployment URL
: 'https://ufox.vercel.app', // Replace with your Vercel deployment URL
base: undefined, // Set to undefined for the main domain deployment
output: 'server',
server: {
port: DEV_PORT
},
integrations: [sitemap(), tailwind()],
adapter: vercel(),
// Build hook to capture inline script hashes
hooks: {
onEnd() {
// Access the built HTML
const { contents } = this.dist.read('index.html');
// Extract inline script contents using a regex
const inlineScripts = contents.match(/<script>([\s\S]*?)<\/script>/g) || [];
const inlineScriptHashes = inlineScripts.map((script) => {
const scriptContent = script.replace(/<script>|<\/script>/g, '').trim();
return calculateInlineScriptHash(scriptContent);
});
// Save the inline script hashes for later use
this.cache.set('inlineScriptHashes', inlineScriptHashes);
// Save the generated nonce for later use
this.cache.set('nonceValue', generateNonce());
},
},
// Function to inject the CSP header and meta tag
async onPageRender({ renderResult }) {
// Retrieve the inline script hashes and nonce from the cache
const inlineScriptHashes = this.cache.get('inlineScriptHashes') || [];
const nonceValue = this.cache.get('nonceValue') || '';
// Create the Content-Security-Policy header
const cspHeader = `script-src 'self' 'unsafe-inline' 'nonce-${nonceValue}' ${inlineScriptHashes.join(' ')};`;
// Create a copy of the original renderResult to avoid modifying the parameter directly
const modifiedResult = { ...renderResult };
// Add the CSP header to the response
modifiedResult.headers.append('Content-Security-Policy', cspHeader);
// Inject the CSP meta tag into the head
const cspMetaTag = `<meta http-equiv="Content-Security-Policy" content="${cspHeader}">`;
modifiedResult.html = modifiedResult.html.replace('</head>', `${cspMetaTag}</head>`);
// Return the modified result
return modifiedResult;
},
});