Open Cloudef opened 6 months ago
When using svelte with csp and html-minifier adapter with minifyCSS or minifyJS enabled, the hash of the inline styles and js scripts might change. The minifier should calculate the hash of the inline css / script before and after transformation and replace the hash in the CSP header with the new one.
Some other options may affect the contents of inline scripts and CSS, such as quoteCharacter and collapseWhitespace.
The CSP (hash and nonce) is generated from this class. As I check, it's only called by server.respond, not sure if it's only supported on SSR.
I think the best way to solve this is not the adapter but instead to add the HTML minify function in SvelteKit.
Some hacky way to replace the hash might work. Or maybe move to minifying before the main adapter, but that will not include minifying the inline CSS/JS.
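Added example, not part of the thread and not SvelteKit or adapter code: one way to do the before/after hash replacement the issue asks for. The helper names (`cspHash`, `inlineBlocks`, `rehashCsp`, `fakeMinify`), the regex-based extraction, and the sample page and policy are assumptions; `fakeMinify` is a stand-in for the real minifier.

```javascript
// Added example: re-hash inline <script>/<style> blocks after minification.
const { createHash } = require('node:crypto');

// CSP hash source for an inline block: base64(SHA-256(exact text content)).
function cspHash(content) {
  return 'sha256-' + createHash('sha256').update(content, 'utf8').digest('base64');
}

// Collect the text of inline <script> and <style> elements in document order.
// Assumption: regex extraction suffices here; use an HTML parser for real pages.
function inlineBlocks(html) {
  const re = /<(script|style)\b([^>]*)>([\s\S]*?)<\/\1\s*>/gi;
  const blocks = [];
  for (const m of html.matchAll(re)) {
    const external = m[1].toLowerCase() === 'script' && /\bsrc\s*=/i.test(m[2]);
    if (!external) blocks.push(m[3]);
  }
  return blocks;
}

// Swap every hash that changed during minification for its new value.
function rehashCsp(csp, originalHtml, minifiedHtml) {
  const before = inlineBlocks(originalHtml);
  const after = inlineBlocks(minifiedHtml);
  if (before.length !== after.length) {
    // Fail closed: a silent mismatch would ship a CSP that blocks the page.
    throw new Error('inline block count changed; cannot pair hashes');
  }
  let patched = csp;
  before.forEach((content, i) => {
    const [oldHash, newHash] = [cspHash(content), cspHash(after[i])];
    if (oldHash !== newHash) patched = patched.split(oldHash).join(newHash);
  });
  return patched;
}

// Constructed sample page and policy (hashes computed from the unminified page).
const original = '<html><head><style>\n  body { margin: 0; }\n</style></head>' +
  '<body><script>\n  console.log("start");\n</script></body></html>';
const originalCsp = "script-src 'self' '" + cspHash(inlineBlocks(original)[1]) +
  "'; style-src 'self' '" + cspHash(inlineBlocks(original)[0]) + "'";

// Stand-in for the minifier step: trims and collapses whitespace in inline blocks.
function fakeMinify(html) {
  return html.replace(/<(script|style)>([\s\S]*?)<\/\1>/g,
    (_, tag, body) => `<${tag}>${body.trim().replace(/\s+/g, ' ')}</${tag}>`);
}
const minified = fakeMinify(original);
const patchedCsp = rehashCsp(originalCsp, original, minified);
```

If the policy is delivered in a `<meta http-equiv>` tag instead of a header, the same replacement has to be applied to that tag's content in the minified HTML.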