web: update & move csp to svelte.config.js

ough
imputnet · Sep 18, 2024 · 026cb63 · 026cb63
1 parent 52599dd
commit 026cb63
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 26 deletions.
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/web/package.json b/web/package.json
@@ -33,6 +33,7 @@
  "@types/fluent-ffmpeg": "^2.1.25",
  "@types/node": "^20.14.10",
  "compare-versions": "^6.1.0",
+ "dotenv": "^16.0.1",
  "eslint": "^8.57.0",
  "glob": "^10.4.5",
  "mdsvex": "^0.11.2",

diff --git a/web/src/routes/_headers/+server.ts b/web/src/routes/_headers/+server.ts
@@ -1,29 +1,8 @@
-import env from "$lib/env";
-
-const allowedScriptOrigins = [
- "'self'",
- "challenges.cloudflare.com",
- env.PLAUSIBLE_HOST ? env.PLAUSIBLE_HOST : ""
-]
-
 export async function GET() {
- const CSP = {
- "connect-src": ["*"],
- "default-src": ["'self'"],
-
- "script-src": allowedScriptOrigins,
- "script-src-attr": allowedScriptOrigins,
- "frame-src": ["challenges.cloudflare.com"],
- }
-
  const _headers = {
  "/*": {
  "Cross-Origin-Opener-Policy": "same-origin",
  "Cross-Origin-Embedder-Policy": "require-corp",
- "Content-Security-Policy":
- Object.entries(CSP).map(
- ([directive, values]) => `${directive} ${values.join(' ')}`
- ).flat().join("; "),
  }
  }
 

diff --git a/web/svelte.config.js b/web/svelte.config.js
@@ -1,8 +1,10 @@
-import adapter from '@sveltejs/adapter-static';
-import { mdsvex } from 'mdsvex';
-import { fileURLToPath } from 'node:url';
-import { dirname, join } from 'node:path';
-import { sveltePreprocess } from 'svelte-preprocess';
+import "dotenv/config";
+import adapter from "@sveltejs/adapter-static";
+
+import { mdsvex } from "mdsvex";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+import { sveltePreprocess } from "svelte-preprocess";
 
 /** @type {import('@sveltejs/kit').Config} */
 const config = {
@@ -46,6 +48,37 @@ const config = {
  precompress: false,
  strict: true
  }),
+ csp: {
+ mode: "hash",
+ directives: {
+ "connect-src": ["*"],
+ "default-src": ["none"],
+
+ "font-src": ["self"],
+ "style-src": ["self", "unsafe-inline"],
+ "img-src": ["self", "data:"],
+ "manifest-src": ["self"],
+ "worker-src": ["self"],
+
+ "object-src": ["none"],
+ "frame-src": [
+ "self",
+ "challenges.cloudflare.com"
+ ],
+
+ "script-src": [
+ "self",
+ "wasm-unsafe-eval",
+ "challenges.cloudflare.com",
+
+ // eslint-disable-next-line no-undef
+ process.env.WEB_PLAUSIBLE_HOST ? process.env.WEB_PLAUSIBLE_HOST : "",
+
+ // hash of the theme preloader in app.html
+ "sha256-g67gIjM3G8yMbjbxyc3QUoVsKhdxgcQzCmSKXiZZo6s=",
+ ]
+ }
+ },
  env: {
  publicPrefix: 'WEB_'
  },