Files
cryptgeon/packages
cupcakearmy 0c33f2f34c feat: enable strict CSP with nonce-based script-src
Replaces the disabled CSP middleware with a working implementation:
- Generates a per-request nonce for script-src
- Injects nonce into the inline SvelteKit bootstrap script
- Uses 'strict-dynamic' so dynamically imported modules are trusted
- SPA fallback serves index.html with CSP header
2026-06-25 21:34:25 +01:00
..
2026-06-25 21:01:10 +01:00