
Commit 4a007b6

authored
fix: fix policies complaints (#147)
1 parent db9ad10 commit 4a007b6

4 files changed

Lines changed: 28 additions & 18 deletions


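--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -3,6 +3,19 @@ import { sequence } from '@sveltejs/kit/hooks';
 
 import { dev } from '$app/environment';
 
+const csp = {
+'default-src': ['self'],
+'script-src': ['self'],
+'style-src': ['self', 'unsafe-hashes', 'sha256-S8qMpvofolR8Mpjy4kQvEm7m1q8clzU4dfDH0AmvZjo='],
+'font-src': ['self'],
+'img-src': ['self', 'data:', 'https:'],
+'connect-src': ['self'],
+'object-src': ['none'],
+'base-uri': ['self'],
+'form-action': ['self'],
+'frame-ancestors': ['none']
+};
+
 const handleHeaders: Handle = async ({ event, resolve }) => {
 const headers: Record<string, string> = {
 'X-Frame-Options': 'DENY',
@@ -18,7 +31,12 @@ const handleHeaders: Handle = async ({ event, resolve }) => {
 headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains';
 }
 
-event.locals.securityHeaders = headers;
+event.locals.securityHeaders = {
+...headers,
+['Content-Security-Policy']: Object.entries(csp)
+.map(([directive, sources]) => `${directive} ${sources.join(' ')}`)
+.join('; ')
+};
 
 const response = await resolve(event);
 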
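Review bot: The header built in the second hunk joins the `csp` values verbatim, so it emits `default-src self` and `object-src none` instead of `default-src 'self'` and `object-src 'none'`. In a raw Content-Security-Policy header the keywords and the `sha256-…` hash only count when wrapped in single quotes; unquoted, `self`, `none` and `unsafe-hashes` are read as host names and the hash matches nothing. The unquoted spelling works in `svelte.config.js` because SvelteKit quotes those values when it serialises its own policy, but this hand-written join does not, so each source should be quoted before joining, as sketched below. If SvelteKit is already sending its configured policy, this would be a second header that the browser enforces alongside it; how `event.locals.securityHeaders` reaches the response, and the rest of `handleHeaders`, are outside the hunk.

```typescript
// Keyword and hash sources are only recognised when single-quoted in the header value.
const CSP_KEYWORDS = new Set(['self', 'none', 'unsafe-hashes']);
const quoteSource = (source: string): string =>
	CSP_KEYWORDS.has(source) || /^sha(256|384|512)-/.test(source) ? `'${source}'` : source;

// … unchanged: csp object, handleHeaders setup, HSTS branch, spread of headers …

	['Content-Security-Policy']: Object.entries(csp)
		.map(([directive, sources]) => `${directive} ${sources.map(quoteSource).join(' ')}`)
		.join('; ')
```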

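--- a/src/lib/features/awesome-privacy/components/search.svelte
+++ b/src/lib/features/awesome-privacy/components/search.svelte
@@ -157,7 +157,10 @@
 
 function handler() {
 const hv = window.visualViewport ? window.visualViewport.height : window.innerHeight;
+
 keyboardHeight = Math.max(0, initial - hv);
+
+document.documentElement.style.setProperty('--kb-height', `${keyboardHeight}px`);
 }
 
 if (window.visualViewport) {
@@ -266,10 +269,7 @@
 </label>
 
 <!-- Results -->
-<div
-class="flex-1 overflow-y-auto [scrollbar-width:thin]"
-style="margin-bottom: {keyboardHeight}px"
->
+<div class="mb-[var(--kb-height,0px)] flex-1 overflow-y-auto [scrollbar-width:thin]">
 {#snippet entryList(entries: SearchEntry[])}
 <ul role="listbox" class="space-y-2 p-2">
 {#each entries as entry (entry.href)}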
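Review bot: Nothing at the `setProperty` call in the first hunk says why the margin is no longer a `style=` attribute, so a later cleanup could put the attribute back and have it blocked by the `style-src` policy, which this commit ships without `'unsafe-inline'`. A comment above the call would record the reason: `// Set via CSSOM: style="" attributes are blocked by our CSP style-src, CSSOM writes are not.` The property is now written on `document.documentElement`, and no line in the hunk removes it. The rest of `handler` and any teardown code are outside the hunk, so it is worth confirming that `--kb-height` is cleared when the component is destroyed.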

src/routes/security/+page.ts

Lines changed: 0 additions & 12 deletions
This file was deleted.

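--- a/svelte.config.js
+++ b/svelte.config.js
@@ -9,7 +9,11 @@ const config = {
 directives: {
 'default-src': ['self'],
 'script-src': ['self'],
-'style-src': ['self'],
+'style-src': [
+'self',
+'unsafe-hashes',
+'sha256-S8qMpvofolR8Mpjy4kQvEm7m1q8clzU4dfDH0AmvZjo='
+],
 'font-src': ['self'],
 'img-src': ['self', 'data:', 'https:'],
 'connect-src': ['self'],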
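Review bot: The `sha256-…` entry added to `style-src` gives no hint of which inline style it authorises, so nobody can tell when it has gone stale or how to regenerate it after that style changes. A comment on that line would help: `// hash of the inline style="…" emitted by <component or library>; recompute if that style changes`. `'unsafe-hashes'` extends hash matching to style attributes, so the list is best kept to hashes whose origin is documented. The same list is repeated by hand in `src/hooks.server.ts` in this commit, and the two copies can drift apart; the `config` object continues outside the hunk.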
