update readme & demo csp for vercel

IslamZaoui · Sep 29, 2024 · 27f21a8 · 27f21a8
1 parent 95cf27f
commit 27f21a8
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -62,7 +62,7 @@ export const handle = sequence(
         headers: {
             ...
         }
-    }),
+    }).handle,
     yourOtherHandle
 );
 ```
@@ -78,9 +78,9 @@ import { securityHeaders } from '@islamzaoui/securekit';
 export const handle = securityHeaders({
     headers: {
         'Access-Control-Allow-Origin': 'https://yoursite.com',
-        'x-sveltekit-page': null, // this will be deleted
+        'x-sveltekit-page': null, // this will be deleted from response haeders
     },
-});
+}).handle;
 ```
 
 ## Content Security Policy header
@@ -98,6 +98,9 @@ your can use `csp` option in `securityHeaders` to set the `Content-Security-Poli
 import { securityHeaders } from '@islamzaoui/securekit';
 
 export const handle = securityHeaders({
+    headers:{
+        ...
+    },
     csp: {
         directives: {
             'script-src': ["'self'",'https://example.com'],

diff --git a/apps/demo/src/app.html b/apps/demo/src/app.html
@@ -8,6 +8,6 @@
 		%sveltekit.head%
 	</head>
 	<body data-sveltekit-preload-data="hover">
-		<div style="display: contents">%sveltekit.body%</div>
+		<div class="contents">%sveltekit.body%</div>
 	</body>
 </html>
diff --git a/apps/demo/src/hooks.server.ts b/apps/demo/src/hooks.server.ts
@@ -13,18 +13,18 @@ export const handle = securityHeaders({
 		directives: {
 			'base-uri': ["'self'"],
 			'child-src': ["'self'"],
-			'connect-src': ["'self'", 'ws://localhost:*'],
+			'connect-src': ["'self'", 'ws://localhost:*', "wss://ws-us3.pusher.com", "https://sockjs-us3.pusher.com"],
 			'img-src': ["'self'", 'data:'],
 			'font-src': ["'self'", 'data:'],
 			'form-action': ["'self'"],
 			'frame-ancestors': ["'self'"],
-			'frame-src': ["'self'"],
+			'frame-src': ["'self'", 'https://vercel.live'],
 			'manifest-src': ["'self'"],
 			'media-src': ["'self'", 'data:'],
 			'object-src': ["'none'"],
-			'style-src': ["'self'"],
+			'style-src': ["'self'", "'unsafe-inline'", "https://vercel.live"],
 			'default-src': ["'self'", origin],
-			'script-src': ["'self'"],
+			'script-src': ["'self'", 'https://vercel.live'],
 			'worker-src': ["'self'"]
 		}
 	},