fix(api): 🐛 Disable CSP upgrade-insecure-requests when using Tor

2025-12-06 08:28:19 +01:00 · 2024-06-25 18:46:16 -10:00 · 2024-06-25 18:46:16 -10:00 · 75992dfe62
parent ae3d5813cf
commit 75992dfe62
1 changed files with 10 additions and 0 deletions
--- a/index.ts
+++ b/index.ts
@ -123,6 +123,16 @@ app.all("*", async (context) => {
        );
    }

+    // Disable CSP upgrade-insecure-requests if an .onion domain is used
+    if (new URL(context.req.url).hostname.endsWith(".onion")) {
+        proxy.headers.set(
+            "Content-Security-Policy",
+            proxy.headers
+                .get("Content-Security-Policy")
+                ?.replace("upgrade-insecure-requests;", "") ?? "",
+        );
+    }
+
    return proxy;
 });