Sifa professional network API (Fastify, AT Protocol, Jetstream) sifa.id/

feat(security): add CSP report-uri to GlitchTip (#99)

When GLITCHTIP_DSN is configured, parse the DSN to derive the security
endpoint and add it as a report-uri directive in the Content-Security-Policy
header. CSP violations from browsers will be reported to GlitchTip.

Authored by Guido X Jansen and committed by GitHub (b44d6365 5604ff90)

+16 -1
src/server.ts
··· 70 70 const valkey = config.NODE_ENV !== 'test' ? createValkey(config.VALKEY_URL) : null; 71 71 if (valkey) await valkey.connect(); 72 72 73 - await app.register(helmet); 73 + if (config.GLITCHTIP_DSN) { 74 + const dsnUrl = new URL(config.GLITCHTIP_DSN); 75 + const key = dsnUrl.username; 76 + const projectId = dsnUrl.pathname.replace('/', ''); 77 + const reportUri = `${dsnUrl.protocol}//${dsnUrl.host}/api/${projectId}/security/?glitchtip_key=${key}`; 78 + await app.register(helmet, { 79 + contentSecurityPolicy: { 80 + directives: { 81 + 'default-src': ["'self'"], 82 + 'report-uri': [reportUri], 83 + }, 84 + }, 85 + }); 86 + } else { 87 + await app.register(helmet); 88 + } 74 89 await app.register(cors, { origin: config.PUBLIC_URL, credentials: true }); 75 90 await app.register(cookie); 76 91 await app.register(rateLimit, {
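Review bot: the two branches of the new `if` can emit different policies, because the DSN branch passes `contentSecurityPolicy.directives` containing only `'default-src': ["'self'"]` and `'report-uri': [reportUri]` while the `else` branch relies on helmet's default directive set; depending on the helmet version and its `useDefaults` setting, that means configuring GlitchTip may drop directives the unconfigured deployment still gets, so enabling reporting would weaken the very policy it is meant to monitor. Build one helmet options object for both cases, set `useDefaults: true` explicitly, and only add the `'report-uri'` directive when `config.GLITCHTIP_DSN` is set. Two smaller points: `dsnUrl.pathname.replace('/', '')` removes only the first slash, so a self-hosted GlitchTip served under a path prefix would produce a wrong project id (taking the last path segment is more robust), and `new URL(config.GLITCHTIP_DSN)` throws on a malformed DSN and aborts startup, which is fine as fail-fast behaviour but deserves a comment. Note also that `glitchtip_key` (the DSN username) is sent to every client in the response header, so the deployment must only ever use the public DSN key there.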