fix: enforce Content-Security-Policy instead of report-only mode (#126)
Rename the `reportOnly` key to `directives` in the SvelteKit `csp` config so
browsers enforce the Content-Security-Policy rather than only reporting
violations. `report-uri` is retained inside the enforced directives so
blocked-violation reports still reach /api/csp-report.
Update tests/unit/csp-config.test.ts to assert the enforced (`directives`)
mode.
Refs #124
Co-authored-by: dobby-yivi-agent[bot] <275734547+dobby-yivi-agent[bot]@users.noreply.github.com>
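An added example, not code from this repository: a small audit of the `csp` block of a SvelteKit config that tells the report-only shape apart from the enforced shape the commit message describes. The helper names (`auditCsp`, `split`) and the `default-src`/`script-src` values are assumptions made for illustration; the `reportOnly` and `directives` keys, `report-uri` and `/api/csp-report` are the ones named in the commit message.

```javascript
// Added example: classify a SvelteKit `kit.csp` object as enforced,
// report-only, or absent. Directive values below are constructed.
const REPORTING = new Set(['report-uri', 'report-to']);

// A directive counts as set if it is `true` or a non-empty source list.
const isSet = (v) => v === true || (Array.isArray(v) && v.length > 0);

// Separate directives that restrict content from those that only report.
function split(directives = {}) {
  const names = Object.entries(directives)
    .filter(([, value]) => isSet(value))
    .map(([name]) => name);
  return {
    policy: names.filter((n) => !REPORTING.has(n)),
    reporting: names.filter((n) => REPORTING.has(n)),
  };
}

function auditCsp(csp = {}) {
  const enforced = split(csp.directives);   // Content-Security-Policy
  const observed = split(csp.reportOnly);   // Content-Security-Policy-Report-Only
  const findings = [];
  let mode = 'none';

  if (enforced.policy.length > 0) {
    mode = 'enforced';
    if (enforced.reporting.length === 0) {
      findings.push('enforced policy has no report-uri/report-to; blocked violations go unreported');
    }
  } else if (observed.policy.length > 0) {
    mode = 'report-only';
    findings.push('policy is only under reportOnly; browsers report violations but block nothing');
  } else {
    findings.push('no policy directives configured');
  }
  return { mode, findings };
}

// Constructed sample policy, placed under each key in turn.
const samplePolicy = {
  'default-src': ['self'],
  'script-src': ['self'],
  'report-uri': ['/api/csp-report'],
};
const before = { reportOnly: samplePolicy }; // shape before the rename
const after = { directives: samplePolicy };  // shape after the rename

console.log(auditCsp(before), auditCsp(after));
```

A `directives` object that holds only `report-uri` is classified as `none`, since a reporting endpoint on its own restricts nothing.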