mirrors/cobalt
1
0
Fork 0
mirror of https://github.com/imputnet/cobalt.git synced 2024-12-28 18:46:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

web: update & move csp to svelte.config.js

Browse source 
ough
This commit is contained in:
wukko 2024-09-18 20:11:47 +06:00
parent 52599dd900
commit 026cb634ec
No known key found for this signature in database
GPG key ID: 3E30B3F26C7B4AA2
4 changed files with 42 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pnpm-lock.yaml
View file

@ -140,6 +140,9 @@ importers:
compare-versions: compare-versions:
specifier: ^6.1.0 specifier: ^6.1.0
version: 6.1.1 version: 6.1.1
dotenv:
specifier: ^16.0.1
version: 16.4.5
eslint: eslint:
specifier: ^8.57.0 specifier: ^8.57.0
version: 8.57.0 version: 8.57.0

1
web/package.json
View file

@ -33,6 +33,7 @@
"@types/fluent-ffmpeg": "^2.1.25", "@types/fluent-ffmpeg": "^2.1.25",
"@types/node": "^20.14.10", "@types/node": "^20.14.10",
"compare-versions": "^6.1.0", "compare-versions": "^6.1.0",
"dotenv": "^16.0.1",
"eslint": "^8.57.0", "eslint": "^8.57.0",
"glob": "^10.4.5", "glob": "^10.4.5",
"mdsvex": "^0.11.2", "mdsvex": "^0.11.2",

21
web/src/routes/_headers/+server.ts
View file

@ -1,29 +1,8 @@
import env from "$lib/env";
const allowedScriptOrigins = [
"'self'",
"challenges.cloudflare.com",
env.PLAUSIBLE_HOST ? env.PLAUSIBLE_HOST : ""
]
export async function GET() { export async function GET() {
const CSP = {
"connect-src": ["*"],
"default-src": ["'self'"],
"script-src": allowedScriptOrigins,
"script-src-attr": allowedScriptOrigins,
"frame-src": ["challenges.cloudflare.com"],
}
const _headers = { const _headers = {
"/*": { "/*": {
"Cross-Origin-Opener-Policy": "same-origin", "Cross-Origin-Opener-Policy": "same-origin",
"Cross-Origin-Embedder-Policy": "require-corp", "Cross-Origin-Embedder-Policy": "require-corp",
"Content-Security-Policy":
Object.entries(CSP).map(
([directive, values]) => `${directive} ${values.join(' ')}`
).flat().join("; "),
} }
} }

43
web/svelte.config.js
View file

@ -1,8 +1,10 @@
import adapter from '@sveltejs/adapter-static'; import "dotenv/config";
import { mdsvex } from 'mdsvex'; import adapter from "@sveltejs/adapter-static";
import { fileURLToPath } from 'node:url';
import { dirname, join } from 'node:path'; import { mdsvex } from "mdsvex";
import { sveltePreprocess } from 'svelte-preprocess'; import { fileURLToPath } from "node:url";
import { dirname, join } from "node:path";
import { sveltePreprocess } from "svelte-preprocess";
/** @type {import('@sveltejs/kit').Config} */ /** @type {import('@sveltejs/kit').Config} */
const config = { const config = {
@ -46,6 +48,37 @@ const config = {
precompress: false, precompress: false,
strict: true strict: true
}), }),
csp: {
mode: "hash",
directives: {
"connect-src": ["*"],
"default-src": ["none"],
"font-src": ["self"],
"style-src": ["self", "unsafe-inline"],
"img-src": ["self", "data:"],
"manifest-src": ["self"],
"worker-src": ["self"],
"object-src": ["none"],
"frame-src": [
"self",
"challenges.cloudflare.com"
],
"script-src": [
"self",
"wasm-unsafe-eval",
"challenges.cloudflare.com",
// eslint-disable-next-line no-undef
process.env.WEB_PLAUSIBLE_HOST ? process.env.WEB_PLAUSIBLE_HOST : "",
// hash of the theme preloader in app.html
"sha256-g67gIjM3G8yMbjbxyc3QUoVsKhdxgcQzCmSKXiZZo6s=",
]
}
},
env: { env: {
publicPrefix: 'WEB_' publicPrefix: 'WEB_'
}, },