Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

20240130 Feature Request: Implement CSP Policy Options in SvelteKit Configuration #64

Open
1 task done
maehr opened this issue Jan 30, 2024 · 0 comments
Open
1 task done

20240130 Feature Request: Implement CSP Policy Options in SvelteKit Configuration #64

maehr opened this issue Jan 30, 2024 · 0 comments

Comments

@maehr
Copy link
Member

maehr commented Jan 30, 2024

Description

I propose adding a feature to SvelteKit that allows users to easily implement Content Security Policies (CSP) directly within the SvelteKit configuration file (svelte.config.js). Currently, setting up a CSP requires manual configuration or external scripts. However, integrating CSP options into SvelteKit's configuration can simplify the process, making web applications more secure by default.

Suggested Implementation:

// In svelte.config.js
const config = {
  kit: {
    // Existing configurations...
    csp: {
      mode: 'hash', // options: 'auto', 'hash', 'nonce'
      directives: {
        'default-src': ['self'],
        'script-src': ['self', 'https://trusted-source.com'],
        // Other directives...
      }
    }
  }
};

This feature would allow developers to define CSP directives that align with their application's needs. The mode property can offer flexibility in how CSPs are handled (e.g., using 'hash' for inline scripts/styles).

Category

  • New Feature

References

  • SvelteKit Configuration Documentation: SvelteKit Docs
  • Example Implementation: I found a GitHub repository that implements CSP directives for SvelteKit, which could serve as a reference for this feature: sveltekit-content-security-policy.
@maehr maehr changed the title Feature Request: Implement CSP Policy Options in SvelteKit Configuration 20240130: Feature Request: Implement CSP Policy Options in SvelteKit Configuration Jan 31, 2024
@maehr maehr changed the title 20240130: Feature Request: Implement CSP Policy Options in SvelteKit Configuration 20240130 Feature Request: Implement CSP Policy Options in SvelteKit Configuration Feb 6, 2024
@maehr maehr linked a pull request Feb 14, 2024 that will close this issue
feat: add csp directives fix #64 #65
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add csp directives fix #64 maehr/stadtgeschichtebasel.ch
1 participant
@maehr