diff --git a/README.md b/README.md index 15c54a7..c96c20d 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ export const handle = sequence( headers: { ... } - }), + }).handle, yourOtherHandle ); ``` @@ -78,9 +78,9 @@ import { securityHeaders } from '@islamzaoui/securekit'; export const handle = securityHeaders({ headers: { 'Access-Control-Allow-Origin': 'https://yoursite.com', - 'x-sveltekit-page': null, // this will be deleted + 'x-sveltekit-page': null, // this will be deleted from response haeders }, -}); +}).handle; ``` ## Content Security Policy header @@ -98,6 +98,9 @@ your can use `csp` option in `securityHeaders` to set the `Content-Security-Poli import { securityHeaders } from '@islamzaoui/securekit'; export const handle = securityHeaders({ + headers:{ + ... + }, csp: { directives: { 'script-src': ["'self'",'https://example.com'], diff --git a/apps/demo/src/app.html b/apps/demo/src/app.html index 8b66c36..7893425 100644 --- a/apps/demo/src/app.html +++ b/apps/demo/src/app.html @@ -8,6 +8,6 @@ %sveltekit.head% -
%sveltekit.body%
+
%sveltekit.body%
diff --git a/apps/demo/src/hooks.server.ts b/apps/demo/src/hooks.server.ts index 0e32ebd..8d9e39b 100644 --- a/apps/demo/src/hooks.server.ts +++ b/apps/demo/src/hooks.server.ts @@ -13,18 +13,23 @@ export const handle = securityHeaders({ directives: { 'base-uri': ["'self'"], 'child-src': ["'self'"], - 'connect-src': ["'self'", 'ws://localhost:*'], + 'connect-src': [ + "'self'", + 'ws://localhost:*', + 'wss://ws-us3.pusher.com', + 'https://sockjs-us3.pusher.com' + ], 'img-src': ["'self'", 'data:'], 'font-src': ["'self'", 'data:'], 'form-action': ["'self'"], 'frame-ancestors': ["'self'"], - 'frame-src': ["'self'"], + 'frame-src': ["'self'", 'https://vercel.live'], 'manifest-src': ["'self'"], 'media-src': ["'self'", 'data:'], 'object-src': ["'none'"], - 'style-src': ["'self'"], + 'style-src': ["'self'", "'unsafe-inline'", 'https://vercel.live'], 'default-src': ["'self'", origin], - 'script-src': ["'self'"], + 'script-src': ["'self'", 'https://vercel.live'], 'worker-src': ["'self'"] } }, diff --git a/packages/securekit/CHANGELOG.md b/packages/securekit/CHANGELOG.md index 9c5c164..c2d81a0 100644 --- a/packages/securekit/CHANGELOG.md +++ b/packages/securekit/CHANGELOG.md @@ -1,5 +1,12 @@ # @islamzaoui/securekit +## 1.1.0 + +### Minor Changes + +- 85cbb48: Fix issue #7 + update library codebase structure + ## 1.0.1 ### Patch Changes diff --git a/packages/securekit/package.json b/packages/securekit/package.json index 17fb0aa..c918863 100644 --- a/packages/securekit/package.json +++ b/packages/securekit/package.json @@ -1,6 +1,6 @@ { "name": "@islamzaoui/securekit", - "version": "1.0.1", + "version": "1.1.0", "main": "dist/index.js", "types": "dist/index.d.ts", "module": "dist/index.mjs",