From 27b961b6aad57b071a9bb46aa2d00eb5043cd5c2 Mon Sep 17 00:00:00 2001
From: sheodox
Date: Mon, 4 Mar 2024 16:41:42 -0600
Subject: [PATCH] Add some CSP headers

This should block iframes (not currently used anywhere) and scripts on different domains.
---
 svelte.config.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/svelte.config.js b/svelte.config.js
index 9ad533f..0e14348 100644
--- a/svelte.config.js
+++ b/svelte.config.js
@@ -12,6 +12,13 @@ const config = {
 adapter: process.env.ALEXANDRITE_RUN_IN_NODE === 'true' ? adapterNode() : adapterAuto(),
 env: {
 publicPrefix: 'ALEXANDRITE_'
+ },
+ csp: {
+ directives: {
+ 'script-src': ['self'],
+ 'frame-ancestors': ['none'],
+ 'frame-src': ['none']
+ }
 }
 }
 };
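Review bot: The `'frame-ancestors': ['none']` entry in the new `csp.directives` block only takes effect when the policy is sent as a response header. SvelteKit emits the CSP as a `<meta http-equiv>` tag for prerendered pages, and browsers ignore `frame-ancestors` there, so any prerendered route would lose the anti-framing protection. Whether any route is prerendered is not visible in this hunk. A comment such as `// frame-ancestors is ignored in <meta> CSP (prerendered pages); also send it as a response header` would record this. The policy also leaves `object-src` and `base-uri` unset, so plugin content and `<base>` injection are not covered by the script restriction; consider adding `'object-src': ['none'],` and `'base-uri': ['self'],` next to `'script-src'`. The `config` object starts and continues outside the hunk.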