sveltegram icon indicating copy to clipboard operation
sveltegram copied to clipboard
verified publisher icon amr3k

Question about CSP

Open Mxrk opened this issue 2 years ago • 0 comments

Hey, I tried to get the login widget working - sadly without success because of CSP errors.

Like stated in the readme, I started with the following svelte.config with your added CSP values:

const config = {
	preprocess: vitePreprocess(),
	kit: {
		adapter: adapter({
			routes: {
				include: ['/*'],
				exclude: ['<all>']
			}
		}),
		alias: {
			$components: 'src/lib/components',
			'$components/*': 'src/lib/components/*'
		},
		csp: {
			directives: {
				'script-src': ['self', 'https://telegram.org'],
				'frame-src': ['self', 'https://t.me']
			}
		}
	},
};
export default config;

Sadly with these changes I still got errors, it started with "oauth.telegram.org" so I added that too:

csp: {
			directives: {
				'script-src': ['self', 'https://telegram.org', 'https://oauth.telegram.org'],
				'frame-src': ['self', 'https://t.me', 'https://oauth.telegram.org']
			}
		}

After that I ran into frame ancestors csp errors, also tried to add changes there but I couldn't figure it out. Somehow I feel like I am doing something wrong.

Do you see the problem?

Greetings

Mxrk avatar Aug 09 '23 19:08 Mxrk