|
| 1 | +export default { |
| 2 | + open: true, |
| 3 | + routes: { |
| 4 | + '/': async (req) => { |
| 5 | + if (req.destination === 'document') { |
| 6 | + // Hack to make it not read-only |
| 7 | + const importmap = await import('@shgysk8zer0/importmap').then(mod => ({ ...mod.importmap })); |
| 8 | + const { readFile } = await import('node:fs/promises'); |
| 9 | + importmap.imports['@aegisjsproject/markdown'] = '/markdown.min.js'; |
| 10 | + importmap.imports['@aegisjsproject/markdown/'] = '/'; |
| 11 | + const json = JSON.stringify(importmap); |
| 12 | + const hash = new Uint8Array(await crypto.subtle.digest('SHA-384', new TextEncoder().encode(json))); |
| 13 | + const integrity = 'sha384-' + hash.toBase64(); |
| 14 | + const doc = await readFile('./test/index.html', { encoding: 'utf-8' }) |
| 15 | + .then(doc => doc.replace('{{ importmap }}', json).replace('{{ integrity }}', integrity)); |
| 16 | + |
| 17 | + const csp = `default-src 'none'; |
| 18 | + script-src 'self' https://unpkg.com/@shgysk8zer0/ https://unpkg.com/@aegisjsproject/ https://unpkg.com/@highlightjs/ '${integrity}'; |
| 19 | + style-src 'self' blob: https://unpkg.com/@highlightjs/; |
| 20 | + img-src 'self' https://img.shields.io/ https://github.com/AegisJSProject/markdown/workflows/ https://github.com/AegisJSProject/markdown/actions/workflows/; |
| 21 | + connect-src 'self'; |
| 22 | + trusted-types empty#html empty#script aegis-sanitizer#html; |
| 23 | + require-trusted-types-for 'script'`; |
| 24 | + |
| 25 | + return new Response(doc, { |
| 26 | + headers: { |
| 27 | + 'Content-Type': 'text/html', |
| 28 | + 'Content-Security-Policy': csp.replaceAll(/[\n\t]/g, ' '), |
| 29 | + } |
| 30 | + }); |
| 31 | + } else { |
| 32 | + return new Response(req.destination, { |
| 33 | + headers: { 'Content-Type': 'text/plain' }, |
| 34 | + }); |
| 35 | + } |
| 36 | + } |
| 37 | + } |
| 38 | +}; |
0 commit comments