Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate CSP headers for static/pre-generated routes #106

Open
tlaundal opened this issue Jan 23, 2023 · 0 comments
Open

Generate CSP headers for static/pre-generated routes #106

tlaundal opened this issue Jan 23, 2023 · 0 comments

Comments

@tlaundal
Copy link
Contributor

tlaundal commented Jan 23, 2023
edited
Loading

SvelteKit has good support for Content Security Policy, and will automatically generate both <meta> tags and headers.

It seems that currently the adapter serves CSP headers for requests that hit the /api/__render function, but pre-generated or static routes do not get a header. SvelteKit does add the <meta> tag with CSP for pre-generated routes, so this issue is perhaps not so severe.

It would be nice if the adapter would add the headers to global headers, so they apply also for serving static pages. There are also options for headers per route, which may be more applicable for this use.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tlaundal