Skip to content

Commit

Permalink
Add some CSP headers
Browse files Browse the repository at this point in the history 
This should block iframes (not currently used anywhere) and scripts on different domains.
  • Loading branch information
@sheodox
sheodox committed Mar 4, 2024
1 parent 18782bc commit 27b961b
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions svelte.config.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,13 @@ const config = {
adapter: process.env.ALEXANDRITE_RUN_IN_NODE === 'true' ? adapterNode() : adapterAuto(),
env: {
publicPrefix: 'ALEXANDRITE_'
},
csp: {
directives: {
'script-src': ['self'],
'frame-ancestors': ['none'],
'frame-src': ['none']
}
}
}
};
Expand Down

0 comments on commit 27b961b

Please sign in to comment.