diff --git a/package-lock.json b/package-lock.json index 7579151..d0baaba 100644 --- a/package-lock.json +++ b/package-lock.json @@ -28,7 +28,7 @@ "devDependencies": { "@iconify-json/mdi": "^1.2.3", "@sveltejs/adapter-node": "^5.2.12", - "@sveltejs/kit": "^2.21.4", + "@sveltejs/kit": "^2.65.0", "@sveltejs/vite-plugin-svelte": "^5.0.3", "@tailwindcss/vite": "^4.1.18", "@types/node": "^22.10.0", @@ -1952,18 +1952,18 @@ } }, "node_modules/@sveltejs/kit": { - "version": "2.55.0", - "resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.55.0.tgz", - "integrity": "sha512-MdFRjevVxmAknf2NbaUkDF16jSIzXMWd4Nfah0Qp8TtQVoSp3bV4jKt8mX7z7qTUTWvgSaxtR0EG5WJf53gcuA==", + "version": "2.65.0", + "resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.65.0.tgz", + "integrity": "sha512-nUWJ4dSKNo8mIOh+HTL+XyRj8FX9Dyb1ayBxj4q9+WrTJfn4jfTt21p3WUFTnnmdnt9xAXpBKLQ+H9y41x0X7Q==", "dev": true, "license": "MIT", "dependencies": { "@standard-schema/spec": "^1.0.0", - "@sveltejs/acorn-typescript": "^1.0.5", + "@sveltejs/acorn-typescript": "^1.0.9", "@types/cookie": "^0.6.0", - "acorn": "^8.14.1", + "acorn": "^8.16.0", "cookie": "^0.6.0", - "devalue": "^5.6.4", + "devalue": "^5.8.1", "esm-env": "^1.2.2", "kleur": "^4.1.5", "magic-string": "^0.30.5", @@ -1981,7 +1981,7 @@ "@opentelemetry/api": "^1.0.0", "@sveltejs/vite-plugin-svelte": "^3.0.0 || ^4.0.0-next.1 || ^5.0.0 || ^6.0.0-next.0 || ^7.0.0", "svelte": "^4.0.0 || ^5.0.0-next.0", - "typescript": "^5.3.3", + "typescript": "^5.3.3 || ^6.0.0", "vite": "^5.0.3 || ^6.0.0 || ^7.0.0-beta.0 || ^8.0.0" }, "peerDependenciesMeta": { @@ -3167,9 +3167,9 @@ } }, "node_modules/devalue": { - "version": "5.6.4", - "resolved": "https://registry.npmjs.org/devalue/-/devalue-5.6.4.tgz", - "integrity": "sha512-Gp6rDldRsFh/7XuouDbxMH3Mx8GMCcgzIb1pDTvNyn8pZGQ22u+Wa+lGV9dQCltFQ7uVw0MhRyb8XDskNFOReA==", + "version": "5.8.1", + "resolved": "https://registry.npmjs.org/devalue/-/devalue-5.8.1.tgz", + "integrity": "sha512-4CXDYRBGqN+57wVJkuXBYmpAVUSg3L6JAQa/DFqm238G73E1wuyc/JhGQJzN7vUf/CMphYau2zXbfWzDR5aTEw==", "license": "MIT" }, "node_modules/dijkstrajs": { diff --git a/package.json b/package.json index 75f2b9e..9c3b2e1 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "devDependencies": { "@iconify-json/mdi": "^1.2.3", "@sveltejs/adapter-node": "^5.2.12", - "@sveltejs/kit": "^2.21.4", + "@sveltejs/kit": "^2.65.0", "@sveltejs/vite-plugin-svelte": "^5.0.3", "@tailwindcss/vite": "^4.1.18", "@types/node": "^22.10.0", diff --git a/svelte.config.js b/svelte.config.js index a4fc7e1..e36a1cd 100644 --- a/svelte.config.js +++ b/svelte.config.js @@ -5,6 +5,14 @@ const config = { preprocess: vitePreprocess(), kit: { adapter: adapter(), + csrf: { + // SvelteKits Origin-Check vergleicht gegen env ORIGIN (non-www, + // kanonisch — Caddy redirected www → non-www). www als Fallback + // vertrauen, falls ein Client den Redirect umgeht; multipart-POSTs + // (Mitmachen-Formular) liefen sonst in "Cross-site POST form + // submissions are forbidden". Die API-Routen prüfen Origin zusätzlich. + trustedOrigins: ['https://www.windwiderstand.de'], + }, }, };