const { Router } = require('@edgio/core/router')
const ContentSecurityPolicy = `
default-src 'self';
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.layer0.co;
style-src 'self' 'unsafe-inline' *.googleapis.com;
img-src * blob: data:;
media-src 'none';
connect-src *;
font-src 'self' *.gstatic.com;
`;
export default new Router()
.match('/:route', ({ setResponseHeader }) => {
setResponseHeader('Content-Security-Policy', ContentSecurityPolicy.replace(/\n/g, ""))
setResponseHeader("X-Content-Type-Options", 'nosniff')
setResponseHeader('X-Frame-Options', 'DENY')
setResponseHeader('Cross-Origin-Resource-Policy', 'same-origin')
setResponseHeader('Cross-Origin-Embedder-Policy', 'require-corp')
setResponseHeader('Cross-Origin-Opener-Policy', 'same-origin-allow-popups')
setResponseHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')
setResponseHeader('Referrer-Policy', 'origin-when-cross-origin')
setResponseHeader('Permissions-Policy', 'camera=(), microphone=(), geolocation=()')
})