samanthanguyen.me / www
samantha's personal website!~ ✨ samanthanguyen.me
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

add http headers: csp, permission policy, sts

Samantha Nguyen bb6af2e5 dece1fb5

+27 -18
+24
src/hooks.server.ts
··· 1 1 import type { Handle } from '@sveltejs/kit' 2 + import { dev } from '$app/environment' 2 3 4 + // content-security-policy 5 + // compat w/ cloudflare: https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/ 6 + const csp: Record<string, string[]> = { 7 + 'frame-ancestors': ['\'none\''], 8 + 'default-src': ['\'self\''], 9 + 'connect-src': ['\'self\'', 'cloudflareinsights.com'], 10 + 'script-src': ['\'self\'', 'static.cloudflareinsights'], 11 + 'style-src': ['\'self\''], 12 + } 13 + if (dev) { 14 + csp['connect-src'].push('ws:') 15 + csp['script-src'].push('\'unsafe-inline\'') 16 + csp['style-src'].push('\'unsafe-inline\'') 17 + } 18 + 19 + const cspValue = Object.entries(csp) 20 + .map(([key, arr]: [string, string[]]) => `${key} ${arr.join(' ')}`) 21 + .join('; ') 22 + 23 + // ALL the headers 3 24 const httpHeaders = { 25 + 'Content-Security-Policy': cspValue, 26 + 'Permissions-Policy': 'geolocation=(), camera=(), microphone=()', 4 27 'Referrer-Policy': 'strict-origin-when-cross-origin', 28 + 'Strict-Transport-Security': 'max-age=15768000; includeSubdomains', 5 29 'X-Content-Type-Options': 'nosniff', 6 30 'X-Frame-Options': 'DENY', 7 31 'X-XSS-Protection': '0',
+1 -15
src/routes/+layout.svelte
··· 1 1 <script lang="ts"> 2 2 import '../app.css' 3 - // import CommandPalette from '$lib/palette/CommandPalette.svelte' 4 3 let { children } = $props() 5 - // let dialogOpen = $state(false) 6 - // const onKeyDown = (e: KeyboardEvent) => { 7 - // if (e.key === 'k' && (e.metaKey || e.ctrlKey)) { 8 - // e.preventDefault() 9 - // dialogOpen = true 10 - // } 11 - // } 12 4 </script> 13 5 14 6 <svelte:head> 15 7 <title>samanthanguyen.me</title> 16 - <meta 17 - name="description" 18 - content="Samantha Nguyen. An artist, software engineer, and aspiring computer scientist" 19 - /> 8 + <meta name="description" content="Samantha Nguyen. An artist, software engineer, and aspiring computer scientist" /> 20 9 </svelte:head> 21 - <!-- <svelte:document onkeydown={onKeyDown} /> 22 - <CommandPalette bind:open={dialogOpen} /> --> 23 - 24 10 <div 25 11 class={[ 26 12 'mx-8 max-w-lg',
+2 -3
svelte.config.js
··· 8 8 // for more information about preprocessors 9 9 preprocess: [vitePreprocess(), mdsvex()], 10 10 kit: { 11 - // adapter-auto only supports some environments, see https://svelte.dev/docs/kit/adapter-auto for a list. 12 - // If your environment is not supported, or you settled on a specific environment, switch out the adapter. 13 - // See https://svelte.dev/docs/kit/adapters for more information about adapters. 11 + // https://svelte.dev/docs/kit/adapters 12 + // https://svelte.dev/docs/kit/adapter-cloudflare 14 13 adapter: adapter(), 15 14 }, 16 15 extensions: ['.svelte', '.svx'],