Protect your SvelteKit application with secure headers.
npm install -S @nosecone/sveltekitUpdate your svelte.config.js file for csp:
import adapter from "@sveltejs/adapter-auto";
import { vitePreprocess } from "@sveltejs/vite-plugin-svelte";
+ import { csp } from "@nosecone/sveltekit"
/** @type {import('@sveltejs/kit').Config} */
const config = {
// Consult https://kit.svelte.dev/docs/integrations#preprocessors
// for more information about preprocessors
preprocess: vitePreprocess(),
kit: {
+ csp: csp(),
// adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
// If your environment is not supported, or you settled on a specific environment, switch out the adapter.
// See https://kit.svelte.dev/docs/adapters for more information about adapters.
adapter: adapter(),
},
};
export default config;Create a src/hooks.server.ts file with the contents:
import { createHook } from "@nosecone/sveltekit";
import { sequence } from "@sveltejs/kit/hooks";
export const handle = sequence(
createHook(),
// ... other hooks can go here
);Licensed under the Apache License, Version 2.0.