Skip to content

fix: support WebSocket protocol and Trusted Types Eval for CSP sources#15938

Open
ThaUnknown wants to merge 6 commits into
sveltejs:mainfrom
ThaUnknown:main
Open

fix: support WebSocket protocol and Trusted Types Eval for CSP sources#15938
ThaUnknown wants to merge 6 commits into
sveltejs:mainfrom
ThaUnknown:main

Conversation

@ThaUnknown
Copy link
Copy Markdown

@ThaUnknown ThaUnknown commented Jun 1, 2026
edited
Loading

could not find an issue which references this problem

currently defining websockets inside CSP directives will throw a type error:
image
additionally base sources don't support trusted-types-eval, which is part of the spec https://www.w3.org/TR/CSP3/#grammardef-keyword-source
there are also other missing values, however I have not used them, so I don't know how to verify them

this fixes that, its a very minor change

unsure if this should be a fix or a chore, as in theory it doesn't change any runtime behavior, and is only development tooling related

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Edits

  • Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Jun 1, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 4d27510

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@svelte-docs-bot
Copy link
Copy Markdown

svelte-docs-bot Bot commented Jun 1, 2026

Preview: https://svelte-dev-git-preview-kit-15938-svelte.vercel.app/

@ThaUnknown ThaUnknown marked this pull request as ready for review June 1, 2026 12:50
vercel[bot]
vercel Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread packages/kit/types/index.d.ts Outdated
Comment thread packages/kit/src/types/private.d.ts
@ThaUnknown ThaUnknown changed the title fix: support WebSocket protocol for CSP scheme sources fix: support WebSocket protocol and Trusted Types Eval for CSP sources Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vercel vercel[bot] vercel[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ThaUnknown