there are 2 problems with my code below. No matter what I did, I couldn't solve the problem.
Problem 1 -) When the user refreshes the page, it always redirects to the home page.
Problem 2 -) The css does not come correctly on the pages where I pull dynamic data. I added 2 images as an example. When I refresh the page the css becomes even more corrupted.
Thanks for your help.
security: {
hidePoweredBy: true,
corsHandler: {
origin: "www.abc",
methods: ["GET", "POST", "DELETE"],
credentials: false,
},
headers: {
strictTransportSecurity: {
maxAge: 15552000,
includeSubdomains: true,
},
xFrameOptions: "DENY",
crossOriginEmbedderPolicy: "unsafe-none",
crossOriginOpenerPolicy: "same-origin",
crossOriginResourcePolicy: "same-origin",
xXSSProtection: "1; mod=block",
xPermittedCrossDomainPolicies: "none",
contentSecurityPolicy: {
'base-uri': ["'none'"],
'font-src': ["'self'", "https:", "data:"],
'form-action': ["'self'"],
'img-src': [
"'self'",
";,
";,
";,
";,
"data:",
],
'frame-ancestors': ["'none'"],
'frame-src': ["'self'", "/", "/"],
'manifest-src': ["'self'"],
'media-src': ["'self'"],
'object-src': ["'none'"],
'worker-src': ["'self'"],
'script-src-attr': ["'none'"],
'script-src': [
"'self'",
"https:",
"'unsafe-inline'",
"'nonce-{{nonce}}'",
],
'style-src': ["'self'", "'unsafe-inline'"],
"upgrade-insecure-requests": true,
},
originAgentCluster: "?1",
xContentTypeOptions: "nosniff",
referrerPolicy: "strict-origin-when-cross-origin",
xDownloadOptions: "noopen",
xDNSPrefetchControl: "off",
},
allowedMethodsRestricter: {
methods: ["GET", "POST", "DELETE"],
},
xssValidator: {
methods: ["GET", "POST", "DELETE"],
css: true,
escapeHtml: true,
},
requestSizeLimiter: {
maxRequestSizeInBytes: 2000000,
maxUploadFileRequestInBytes: 8000000,
},
rateLimiter: {
tokensPerInterval: 100,
interval: 900000,
headers: false,
},
sri: true,
nonce: true,
ssg: {
meta: true,
hashScripts: true,
hashStyles: false,
exportToPresets: true,
},
}