From 30dbd04d9b6697dbd9a26c10b7d139e03d545a3b Mon Sep 17 00:00:00 2001
From: plaintextcity
Date: Wed, 21 Mar 2018 23:22:51 -0400
Subject: [PATCH] Always be sanitizing

The original version only adds security headers to text/html. That's good, but it also only sanitizes the headers for text/html, and we should always be sanitizing!
---
 worker.js | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/worker.js b/worker.js
index d81b569..d8327d7 100644
--- a/worker.js
+++ b/worker.js
@@ -25,18 +25,14 @@ async function addHeaders(req) {
   let response = await fetch(req)
   let newHdrs = new Headers(response.headers)
 
-  if (newHdrs.has("Content-Type") && !newHdrs.get("Content-Type").includes("text/html")) {
-    return new Response(response.body , {
-      status: response.status,
-      statusText: response.statusText,
-      headers: newHdrs
+  if (newHdrs.has("Content-Type") && newHdrs.get("Content-Type").includes("text/html")) {
+    Object.keys(securityHeaders).forEach(name => {
+      newHdrs.set(name, securityHeaders[name]);
     })
   }
 
-  let setHeaders = Object.assign({}, securityHeaders, sanitiseHeaders)
-
-  Object.keys(setHeaders).forEach(name => {
-    newHdrs.set(name, setHeaders[name]);
+  Object.keys(sanitiseHeaders).forEach(name => {
+    newHdrs.set(name, sanitiseHeaders[name]);
   })
 
   removeHeaders.forEach(name => {
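Review bot: The text/html test in the new `if` is case-sensitive, so an upstream response with a media type spelled `Text/HTML` or `TEXT/html` (media types are case-insensitive) would be served without the security headers even though it is HTML; normalise before matching, `if (newHdrs.has("Content-Type") && newHdrs.get("Content-Type").toLowerCase().includes("text/html")) {`. The `has("Content-Type")` guard also means a response with no Content-Type at all gets none of the security headers, which is worth a comment if that is intended, since browsers may still sniff such a body as HTML — presumably the origin always sets one, but that is not visible here. A small style point: the two `forEach` blocks close with `})` while the inner `set` calls end in `;`, so the hunk mixes semicolon styles. The `removeHeaders.forEach` on the last line opens a block that continues outside the hunk, as does `addHeaders` itself.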