Security handening

2025-08-07 16:28:07 +02:00
parent 6ed1f985e0
commit c95f96594f
8 changed files with 188 additions and 142 deletions
--- a/svelte.config.js
+++ b/svelte.config.js
@@ -3,10 +3,23 @@ import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';

 /** @type {import('@sveltejs/kit').Config} */
 const config = {
-	// Consult https://svelte.dev/docs/kit/integrations
-	// for more information about preprocessors
 	preprocess: vitePreprocess(),
-	kit: { adapter: adapter() }
+	kit: { adapter: adapter() },
+	csp: {
+		mode: 'hash',
+		directives: {
+			'default-src': ["'self'"],
+			'script-src': ["'self'"],
+			'style-src': ["'self'"],
+			'img-src': ["'self'", 'data:'],
+			'connect-src': ["'self'", 'https://www.googleapis.com'],
+			'font-src': ["'self'"],
+			'object-src': ["'none'"],
+			'frame-ancestors': ["'none'"],
+			'base-uri': ["'self'"],
+			'form-action': ["'self'"]
+		},
+	}
 };

 export default config;