From 1031752e901b1e3eb2e23210161652266a4ac071 Mon Sep 17 00:00:00 2001
From: Anders Jensen-Urstad <anders.jensen-urstad@kb.se>
Date: Wed, 3 Jul 2024 13:43:26 +0200
Subject: [PATCH] Add Content-Security-Policy to svelte config

---
 lxl-web/svelte.config.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lxl-web/svelte.config.js b/lxl-web/svelte.config.js
index 863739e27..90f1c4d2f 100644
--- a/lxl-web/svelte.config.js
+++ b/lxl-web/svelte.config.js
@@ -15,6 +15,17 @@ const config = {
 		adapter: adapter(),
 		paths: {
 			relative: false
+		},
+		csp: {
+			directives: {
+				'default-src': ['self'],
+				'script-src': ['self', 'https://analytics.kb.se'],
+				'style-src': ['self', 'unsafe-inline'],
+				'base-uri': ['self'],
+				'form-action': ['self'],
+				'frame-ancestors': ['none'],
+				'img-src': ['self', 'kb.se', '*.kb.se', 'data:']
+			}
 		}
 	}
 };