@nosecone/sveltekit
Protect your SvelteKit application with secure headers
import nosecone from "nosecone";
import type { CspDirectives, NoseconeOptions } from "nosecone";
import type { Handle, KitConfig } from "@sveltejs/kit";
export { withVercelToolbar, type NoseconeOptions } from "nosecone";
/**
 * Default Nosecone options for SvelteKit, declared as readonly literal types.
 *
 * This is a declaration only: it shows the shape and literal values of the
 * defaults, not how they are turned into response headers.
 *
 * NOTE(review): two CSP directive sets are declared here — a top-level
 * `directives` (scriptSrc `'strict-dynamic'`) and
 * `contentSecurityPolicy.directives` (scriptSrc `'self'`). Which of the two a
 * given entry point consumes is not visible in this file; confirm before
 * assuming either script policy is the one in effect.
 */
export declare const defaults: {
// Top-level directive set; differs from contentSecurityPolicy.directives only in scriptSrc.
readonly directives: {
// 'strict-dynamic' alone trusts no script: it only propagates trust from a
// nonce- or hash-approved script, so a nonce/hash has to be added elsewhere
// (presumably by SvelteKit's CSP handling — confirm).
readonly scriptSrc: readonly ["'strict-dynamic'"];
// Disallows <base> elements, so an injected tag cannot rebase relative URLs.
readonly baseUri: readonly ["'none'"];
readonly childSrc: readonly ["'none'"];
readonly connectSrc: readonly ["'self'"];
readonly defaultSrc: readonly ["'self'"];
readonly fontSrc: readonly ["'self'"];
readonly formAction: readonly ["'self'"];
// No origin, including this one, may frame the page.
readonly frameAncestors: readonly ["'none'"];
readonly frameSrc: readonly ["'none'"];
// blob: and data: are allowed for images only, not for scripts or frames.
readonly imgSrc: readonly ["'self'", "blob:", "data:"];
readonly manifestSrc: readonly ["'self'"];
readonly mediaSrc: readonly ["'self'"];
readonly objectSrc: readonly ["'none'"];
// No 'unsafe-inline': inline styles are blocked unless a nonce/hash is added elsewhere.
readonly styleSrc: readonly ["'self'"];
readonly workerSrc: readonly ["'self'"];
};
readonly contentSecurityPolicy: {
// Same directive values as the top-level set, except scriptSrc is 'self' here.
readonly directives: {
readonly baseUri: readonly ["'none'"];
readonly childSrc: readonly ["'none'"];
readonly connectSrc: readonly ["'self'"];
readonly defaultSrc: readonly ["'self'"];
readonly fontSrc: readonly ["'self'"];
readonly formAction: readonly ["'self'"];
readonly frameAncestors: readonly ["'none'"];
readonly frameSrc: readonly ["'none'"];
readonly imgSrc: readonly ["'self'", "blob:", "data:"];
readonly manifestSrc: readonly ["'self'"];
readonly mediaSrc: readonly ["'self'"];
readonly objectSrc: readonly ["'none'"];
// Same-origin scripts only; no 'unsafe-inline' or 'unsafe-eval'.
readonly scriptSrc: readonly ["'self'"];
readonly styleSrc: readonly ["'self'"];
readonly workerSrc: readonly ["'self'"];
};
};
// require-corp: cross-origin subresources load only if they opt in via CORP or
// CORS, so third-party embeds without those headers will be blocked.
readonly crossOriginEmbedderPolicy: {
readonly policy: "require-corp";
};
// same-origin: cross-origin documents do not share a browsing context group with this page.
readonly crossOriginOpenerPolicy: {
readonly policy: "same-origin";
};
// same-origin: other origins cannot load this site's responses as subresources.
readonly crossOriginResourcePolicy: {
readonly policy: "same-origin";
};
readonly originAgentCluster: true;
// no-referrer: no Referer header is sent on outgoing requests or navigations.
readonly referrerPolicy: {
readonly policy: readonly ["no-referrer"];
};
readonly strictTransportSecurity: {
// Typed as `number`, so the default max-age value is not visible in this declaration.
readonly maxAge: number;
// Applies to every subdomain: each one must be reachable over HTTPS.
readonly includeSubDomains: true;
// Preload-list opt-in is off by default.
readonly preload: false;
};
// Presumably emits `nosniff` — the header value is not visible here.
readonly xContentTypeOptions: true;
readonly xDnsPrefetchControl: {
readonly allow: false;
};
readonly xDownloadOptions: true;
// NOTE(review): "sameorigin" is looser than frameAncestors 'none' above. Browsers
// that enforce CSP frame-ancestors ignore X-Frame-Options when both are sent, so
// same-origin framing is allowed only where CSP is absent or unsupported.
readonly xFrameOptions: {
readonly action: "sameorigin";
};
readonly xPermittedCrossDomainPolicies: {
readonly permittedPolicies: "none";
};
// NOTE(review): `true` only says the header is sent; confirm the emitted value is
// `0` (legacy XSS auditor disabled) rather than `1; mode=block`.
readonly xXssProtection: true;
};
export default nosecone;
/**
 * Create a SvelteKit hook that sets secure headers on every request.
 *
 * The return type is SvelteKit's `Handle`, so the result is meant to be used
 * as (or composed into) the server-side `handle` hook.
 *
 * NOTE(review): this module also exports `csp()`, which returns a value for
 * SvelteKit's own `csp` config. Whether this hook emits a
 * Content-Security-Policy header itself is not visible in this declaration;
 * confirm so the policy is neither missing nor sent twice.
 *
 * @param options - Configuration to provide to Nosecone. Optional; what is
 * applied when it is omitted is not visible here (presumably the package
 * defaults, to be confirmed against the implementation).
 * @returns A SvelteKit hook that sets secure headers
 */
export declare function createHook(options?: NoseconeOptions): Handle;
/** The type of SvelteKit's `csp` config entry, with the `undefined` case removed. */
type SvelteKitCsp = Exclude<KitConfig["csp"], undefined>;
/**
 * Options accepted by `csp()`. Both fields are optional; the values used when
 * one is omitted are not visible in this declaration.
 */
export type ContentSecurityPolicyConfig = {
// Passed through SvelteKit's own `csp.mode` type, so only the modes SvelteKit accepts are valid.
mode?: SvelteKitCsp["mode"];
// Directives use Nosecone's `CspDirectives` shape, not SvelteKit's directive type.
directives?: CspDirectives;
};
/**
 * Build a value for the `csp` entry of SvelteKit's `KitConfig`.
 *
 * The result is typed as SvelteKit's CSP config, so the Content-Security-Policy
 * is then rendered by SvelteKit rather than by this function.
 *
 * NOTE(review): how Nosecone's `CspDirectives` are converted to SvelteKit's
 * directive format, and which defaults apply when `options` is omitted, are
 * not visible here. Check the rendered header in a built app, in particular
 * that script-src carries the expected nonce or hash.
 *
 * @param options - Optional CSP mode and directives.
 * @returns A CSP configuration object in SvelteKit's format.
 */
export declare function csp(options?: ContentSecurityPolicyConfig): SvelteKitCsp;