Security headers

2026-05-26 20:49:55 +00:00 · 2024-03-08 19:49:19 +00:00
parent aa55b64586
commit 0cade255e9
1 changed files with 26 additions and 0 deletions
@@ -0,0 +1,26 @@
+import type { Handle } from "@sveltejs/kit";
+
+const securityHeaders = {
+    'X-Content-Type-Options': 'nosniff',
+    'X-XSS-Protection': '0',
+
+    "Referrer-Policy": "no-referrer-when-downgrade",
+
+    "Permissions-Policy": "payment=(), geolocation=(self), notifications=(self), push=(self), fullscreen=(self)",
+
+    'Cross-Origin-Embedder-Policy': 'require-corp',
+    'Cross-Origin-Opener-Policy': 'same-origin',
+    'Cross-Origin-Resource-Policy': 'same-origin',
+
+}
+
+export const handle: Handle = async ({ event, resolve }) => {
+    const response = await resolve(event);
+    Object.entries(securityHeaders).forEach(
+        ([header, value]) => response.headers.set(header, value)
+    );
+
+    response.headers.delete("x-sveltekit-page")
+
+    return response;
+}