refactor adding csp headers again

StigNygaard · Oct 22, 2024 · d50cfcb · d50cfcb
1 parent b854c79
commit d50cfcb
Showing 1 changed file with 7 additions and 15 deletions.
diff --git a/main.ts b/main.ts
@@ -12,13 +12,7 @@ const myHeaders = {
     'Referrer-Policy': 'strict-origin-when-cross-origin',
     'X-Content-Type-Options': 'nosniff'
 }
-
-function responseWithHeaders(response: Response): Response {
-    for (const [key, value] of Object.entries(myHeaders)) {
-        response.headers.set(key, value);
-    }
-    return response;
-}
+const myHeadersArr = Object.entries(myHeaders).map(([k, v]) => `${k}: ${v}`);
 
 // we could set a port-number with Deno.serve({port: portno}, handler);
 Deno.serve(async (req: Request, info: Deno.ServeHandlerInfo) => {
@@ -38,30 +32,28 @@ Deno.serve(async (req: Request, info: Deno.ServeHandlerInfo) => {
         response = new Response(null, {status: 200, statusText: 'OK', headers: myHeaders});
     } else if (pathname.startsWith('/widgets/') && req.method === 'GET') {
         // The statically served widgets code - https://lastfm-widgets.deno.dev/widgets/*
-        response = responseWithHeaders(await serveDir(req, {
+        response = await serveDir(req, {
             urlRoot: 'widgets',
             fsRoot: 'widgets',
             showDirListing: false,
             showDotfiles: false,
             showIndex: false, // index.html
             enableCors: false, // CORS not allowed/enabled (no CORS headers)
             quiet: true, // logging of errors
-            headers: []
-            // TODO Why doesn't this work?:  headers: Object.entries(myHeaders).map(([k, v]) => `${k}: ${v}`)
-        }));
+            headers: myHeadersArr
+        });
     } else if (req.method === 'GET') {
         // The statically served demo-page - https://lastfm-widgets.deno.dev/*
-        response = responseWithHeaders(await serveDir(req, {
+        response = await serveDir(req, {
             urlRoot: '',
             fsRoot: 'demo',
             showDirListing: false,
             showDotfiles: false,
             showIndex: true, // index.html
             enableCors: false, // CORS not allowed/enabled (no CORS headers)
             quiet: true, // logging of errors
-            headers: []
-            // TODO Why doesn't this work?:  headers: Object.entries(myHeaders).map(([k, v]) => `${k}: ${v}`)
-        }));
+            headers: myHeadersArr
+        });
     } else {
         response = new Response('Not found', { status: 404, statusText: `Method ${req.method} not supported here`, headers: myHeaders});
         // for other routing examples, see f.ex: https://youtu.be/p541Je4J_ws?si=-tWmB355467gtFIP