![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
sveltekit-helmet is a wrapper for helmet to work with SvelteKit. It provides important security headers to make your app more secure by default.
npm i sveltekit-helmet
# or:
yarn add sveltekit-helmetUsage is the same as helmet, see the helmet documentation for more information.
Warning
Hot reload is blocked by default, you need to allow scriptSrc's
'unsafe-inline' directive to use it.
Just add the following to your src/hooks.server.ts:
import helmet from "sveltekit-helmet";
// With default helmet options
export const handle = helmet();
// With custom helmet options
export const handle = helmet({
contentSecurityPolicy: {
directives: {
scriptSrc: [
"'self'",
"'unsafe-inline'", // Allow SvelteKit hot reload
],
},
},
});
// Works with other middlewares
import { sequence } from "@sveltejs/kit/hooks";
export const handle = sequence(helmet(), fooMiddleware, barMiddleware);Currently, only the full helmet middleware is supported, you can just disable unwanted rules in options instead of using the individual middleware.
sveltekit-helmet currently only supports SvleteKit v2.
If you are using SvelteKit v1, you can open an issue and I will consider adding support for it.
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}