cupcakearmy
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/backend/Cargo.lock‎
Lines changed: 1 addition & 1 deletion b/‎packages/backend/Cargo.lock‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/backend/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎packages/backend/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/backend/src/csp.rs‎
Lines changed: 16 additions & 0 deletions b/‎packages/backend/src/csp.rs‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎packages/backend/src/main.rs‎
Lines changed: 7 additions & 0 deletions b/‎packages/backend/src/main.rs‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎packages/cli/package.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/cli/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/frontend/package.json‎
Lines changed: 13 additions & 13 deletions b/‎packages/frontend/package.json‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎packages/frontend/src/lib/icons/IconContrast.svelte‎
Lines changed: 2 additions & 0 deletions b/‎packages/frontend/src/lib/icons/IconContrast.svelte‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/frontend/src/lib/icons/IconCopy.svelte‎
Lines changed: 2 additions & 0 deletions b/‎packages/frontend/src/lib/icons/IconCopy.svelte‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/frontend/src/lib/icons/IconDice.svelte‎
Lines changed: 2 additions & 0 deletions b/‎packages/frontend/src/lib/icons/IconDice.svelte‎
Lines changed: 2 additions & 0 deletions
@@ -17,5 +17,5 @@
     "npm-run-all": "^4.1.5",
     "shelljs": "^0.8.5"
   },
-  "packageManager": "pnpm@9.11.0"
+  "packageManager": "pnpm@9.15.4"
 }
@@ -1,6 +1,6 @@
 [package]
 name = "cryptgeon"
-version = "2.8.4"
+version = "2.9.0"
 authors = ["cupcakearmy <[email protected]>"]
 edition = "2021"
 rust-version = "1.80"
 
@@ -0,0 +1,16 @@
+use axum::{body::Body, extract::Request, http::HeaderValue, middleware::Next, response::Response};
+
+const CUSTOM_HEADER_NAME: &str = "Content-Security-Policy";
+const CUSTOM_HEADER_VALUE: &str = "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' data:; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
+
+lazy_static! {
+    static ref HEADER_VALUE: HeaderValue = HeaderValue::from_static(CUSTOM_HEADER_VALUE);
+}
+
+pub async fn add_csp_header(request: Request<Body>, next: Next) -> Response {
+    let mut response = next.run(request).await;
+    response
+        .headers_mut()
+        .append(CUSTOM_HEADER_NAME, HEADER_VALUE.clone());
+    response
+}
@@ -1,7 +1,11 @@
 use std::{collections::HashMap, sync::Arc};
 
 use axum::{
+    body::Body,
     extract::{DefaultBodyLimit, Request},
+    http::HeaderValue,
+    middleware::{self, Next},
+    response::Response,
     routing::{delete, get, post},
     Router, ServiceExt,
 };
@@ -19,6 +23,7 @@ use tower_http::{
 extern crate lazy_static;
 
 mod config;
+mod csp;
 mod health;
 mod lock;
 mod note;
@@ -55,6 +60,8 @@ async fn main() {
     let app = Router::new()
         .nest("/api", api_routes)
         .fallback_service(serve_dir)
+        // Disabled for now, as svelte inlines scripts
+        // .layer(middleware::from_fn(csp::add_csp_header))
         .layer(DefaultBodyLimit::max(*config::LIMIT))
         .layer(
             CompressionLayer::new()
 
@@ -1,6 +1,6 @@
 {
   "name": "cryptgeon",
-  "version": "2.8.4",
+  "version": "2.9.0",
   "homepage": "https://github.com/cupcakearmy/cryptgeon",
   "repository": {
     "type": "git",
 
@@ -13,23 +13,23 @@
 	},
 	"type": "module",
 	"devDependencies": {
-		"@lokalise/node-api": "^12.1.0",
-		"@sveltejs/adapter-static": "^3.0.1",
-		"@sveltejs/kit": "^2.5.2",
-		"@sveltejs/vite-plugin-svelte": "^3.0.2",
-		"@zerodevx/svelte-toast": "^0.9.5",
-		"adm-zip": "^0.5.10",
-		"dotenv": "^16.4.5",
-		"svelte": "^4.2.12",
-		"svelte-check": "^3.6.6",
+		"@lokalise/node-api": "^13.0.0",
+		"@sveltejs/adapter-static": "^3.0.8",
+		"@sveltejs/kit": "^2.16.0",
+		"@sveltejs/vite-plugin-svelte": "^5.0.3",
+		"@zerodevx/svelte-toast": "^0.9.6",
+		"adm-zip": "^0.5.16",
+		"dotenv": "^16.4.7",
+		"svelte": "^5.19.0",
+		"svelte-check": "^4.1.4",
 		"svelte-intl-precompile": "^0.12.3",
-		"tslib": "^2.6.2",
-		"typescript": "^5.3.3",
-		"vite": "^5.1.7"
+		"tslib": "^2.8.1",
+		"typescript": "^5.7.3",
+		"vite": "^6.0.7"
 	},
 	"dependencies": {
+		"@fontsource/fira-mono": "^5.1.1",
 		"cryptgeon": "workspace:*",
-		"@fontsource/fira-mono": "^5.0.8",
 		"occulto": "^2.0.6",
 		"pretty-bytes": "^6.1.1",
 		"qrious": "^4.0.2"
 
@@ -1,3 +1,5 @@
+<script lang="ts"></script>
+
 <svg xmlns="http://www.w3.org/2000/svg" class="ionicon" viewBox="0 0 512 512"
 	><title>Contrast</title><path
 		d="M256 32C132.29 32 32 132.29 32 256s100.29 224 224 224 224-100.29 224-224S379.71 32 256 32zM128.72 383.28A180 180 0 01256 76v360a178.82 178.82 0 01-127.28-52.72z"
 
@@ -1,3 +1,5 @@
+<script lang="ts"></script>
+
 <svg xmlns="http://www.w3.org/2000/svg" class="ionicon" viewBox="0 0 512 512"
 	><title>Copy</title><path
 		d="M456 480H136a24 24 0 01-24-24V128a16 16 0 0116-16h328a24 24 0 0124 24v320a24 24 0 01-24 24z"
 
@@ -1,3 +1,5 @@
+<script lang="ts"></script>
+
 <svg xmlns="http://www.w3.org/2000/svg" class="ionicon" viewBox="0 0 512 512"
 	><title>Dice</title><path
 		d="M48 366.92L240 480V284L48 170zM192 288c8.84 0 16 10.75 16 24s-7.16 24-16 24-16-10.75-16-24 7.16-24 16-24zm-96 32c8.84 0 16 10.75 16 24s-7.16 24-16 24-16-10.75-16-24 7.16-24 16-24zM272 284v196l192-113.08V170zm48 140c-8.84 0-16-10.75-16-24s7.16-24 16-24 16 10.75 16 24-7.16 24-16 24zm0-88c-8.84 0-16-10.75-16-24s7.16-24 16-24 16 10.75 16 24-7.16 24-16 24zm96 32c-8.84 0-16-10.75-16-24s7.16-24 16-24 16 10.75 16 24-7.16 24-16 24zm0-88c-8.84 0-16-10.75-16-24s7.16-24 16-24 16 10.75 16 24-7.16 24-16 24zm32 77.64zM256 32L64 144l192 112 192-112zm0 120c-13.25 0-24-7.16-24-16s10.75-16 24-16 24 7.16 24 16-10.75 16-24 16z"
Original file line number	Diff line number	Diff line change
`@@ -17,5 +17,5 @@`
`17`	`17`	`"npm-run-all": "^4.1.5",`
`18`	`18`	`"shelljs": "^0.8.5"`
`19`	`19`	`},`
`20`		`- "packageManager": "pnpm@9.11.0"`
	`20`	`+ "packageManager": "pnpm@9.15.4"`
`21`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "cryptgeon",`
`3`		`- "version": "2.8.4",`
	`3`	`+ "version": "2.9.0",`
`4`	`4`	`"homepage": "https://github.com/cupcakearmy/cryptgeon",`
`5`	`5`	`"repository": {`
`6`	`6`	`"type": "git",`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+<script lang="ts"></script>`
	`2`	`+`
`1`	`3`	`<svg xmlns="http://www.w3.org/2000/svg" class="ionicon" viewBox="0 0 512 512"`
`2`	`4`	`><title>Contrast</title><path`
`3`	`5`	`d="M256 32C132.29 32 32 132.29 32 256s100.29 224 224 224 224-100.29 224-224S379.71 32 256 32zM128.72 383.28A180 180 0 01256 76v360a178.82 178.82 0 01-127.28-52.72z"`