import adapter from '@sveltejs/adapter-node'; import { vitePreprocess } from '@sveltejs/vite-plugin-svelte'; /** @type {import('@sveltejs/kit').Config} */ const config = { preprocess: vitePreprocess(), kit: { adapter: adapter({ out: 'build', precompress: false }), csp: { mode: 'auto', directives: { 'default-src': ["'self'"], 'script-src': ["'self'", 'https://www.youtube.com'], // Note: 'unsafe-inline' required because Svelte uses inline styles for transitions and dynamic bindings 'style-src': ["'self'", "'unsafe-inline'", 'https://cdnjs.cloudflare.com'], 'img-src': ["'self'", 'data:', 'blob:', 'https://img.youtube.com', 'https://i.ytimg.com'], 'font-src': ["'self'", 'data:', 'https://cdnjs.cloudflare.com'], 'connect-src': [ "'self'", 'ws://*:*', // Allow any WebSocket 'wss://*:*', // Allow any secure WebSocket 'http://*:*', // Allow any HTTP (for dev and streaming) 'https://*:*', // Allow any HTTPS 'https://www.youtube.com' ], 'media-src': ["'self'", 'blob:', 'http://*:*', 'https://*:*'], 'frame-src': ["'self'", 'blob:', 'https://www.youtube.com'], 'object-src': ["'none'"], 'frame-ancestors': ["'none'"], 'form-action': ["'self'"], 'base-uri': ["'self'"] } }, // Enable CSRF protection (default is true) csrf: { checkOrigin: true }, // Environment variable configuration env: { publicPrefix: 'VITE_' // This is already correct }, // Ensure default appDir is used (don't override) // appDir: '_app' // This is the default, no need to set // Performance: prerender error pages prerender: { entries: ['/'], handleHttpError: ({ path, referrer, message }) => { // Log errors but don't fail build console.warn(`${path} (${referrer}) - ${message}`); } } } }; export default config;