nu

2025-08-09 13:51:36 -04:00 · 2025-08-09 13:51:36 -04:00 · d812c6aeab
commit d812c6aeab
parent 875a53f499
8 changed files with 2688 additions and 113 deletions
--- a/frontend/svelte.config.js
+++ b/frontend/svelte.config.js
@ -11,7 +11,6 @@ const config = {
            precompress: false
        }),
        
-        // Security improvements
        csp: {
            mode: 'auto',
            directives: {
@ -19,14 +18,20 @@ const config = {
                'script-src': ["'self'", "'unsafe-inline'"],
                'style-src': ["'self'", "'unsafe-inline'", 'https://cdnjs.cloudflare.com'],
                'img-src': ["'self'", 'data:', 'blob:'],
-                'font-src': ["'self'", 'https://cdnjs.cloudflare.com'],
-                'connect-src': ["'self'", 'ws://localhost', 'wss://localhost', 'http://localhost:*'],
+                'font-src': ["'self'", 'data:', 'https://cdnjs.cloudflare.com'],  // Added 'data:' for embedded fonts
+                'connect-src': [
+                    "'self'", 
+                    'ws://localhost:*',     // Changed to include port wildcard
+                    'wss://localhost:*',    // Changed to include port wildcard
+                    'http://localhost:*'
+                ],
                'media-src': ["'self'", 'blob:', 'http://localhost:*'],
                'object-src': ["'none'"],
                'frame-ancestors': ["'none'"],
                'form-action': ["'self'"],
                'base-uri': ["'self'"]
            }
+        
        },
        
        // Enable CSRF protection (default is true)