withastro
diff --git a/‎.changeset/tiny-books-scream.md‎
Lines changed: 8 additions & 0 deletions b/‎.changeset/tiny-books-scream.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎packages/astro/e2e/csp-client-only.test.js‎
Lines changed: 1 addition & 1 deletion b/‎packages/astro/e2e/csp-client-only.test.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/astro/e2e/fixtures/csp-server-islands/astro.config.mjs‎
Lines changed: 1 addition & 1 deletion b/‎packages/astro/e2e/fixtures/csp-server-islands/astro.config.mjs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/astro/src/assets/fonts/vite-plugin-fonts.ts‎
Lines changed: 2 additions & 2 deletions b/‎packages/astro/src/assets/fonts/vite-plugin-fonts.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/astro/src/assets/vite-plugin-assets.ts‎
Lines changed: 5 additions & 4 deletions b/‎packages/astro/src/assets/vite-plugin-assets.ts‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎packages/astro/src/content/vite-plugin-content-assets.ts‎
Lines changed: 3 additions & 2 deletions b/‎packages/astro/src/content/vite-plugin-content-assets.ts‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎packages/astro/src/content/vite-plugin-content-virtual-mod.ts‎
Lines changed: 2 additions & 1 deletion b/‎packages/astro/src/content/vite-plugin-content-virtual-mod.ts‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎packages/astro/src/core/build/generate.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/astro/src/core/build/generate.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/astro/src/core/build/plugins/plugin-manifest.ts‎
Lines changed: 7 additions & 7 deletions b/‎packages/astro/src/core/build/plugins/plugin-manifest.ts‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎packages/astro/src/core/config/schemas/base.ts‎
Lines changed: 24 additions & 24 deletions b/‎packages/astro/src/core/config/schemas/base.ts‎
Lines changed: 24 additions & 24 deletions
@@ -0,0 +1,8 @@
+---
+'@astrojs/netlify': minor
+'@astrojs/vercel': minor
+'@astrojs/node': minor
+'astro': minor
+---
+
+Removes the `experimental.csp` flag and replaces it with a new configuration option `security.csp` - ([v6 upgrade guidance](https://v6.docs.astro.build/en/guides/upgrade-to/v6/#experimental-flags))
@@ -3,7 +3,7 @@ import { testFactory } from './test-utils.js';
 
 const test = testFactory(import.meta.url, {
 	root: './fixtures/client-only/',
-	experimental: {
+	security: {
 		csp: true,
 	},
 });
 
@@ -10,7 +10,7 @@ export default defineConfig({
 	adapter: nodejs({ mode: 'standalone' }),
 	integrations: [react(), mdx()],
 	trailingSlash: process.env.TRAILING_SLASH ?? 'always',
-	experimental: {
+	security: {
 		csp: true
 	}
 });
@@ -188,8 +188,8 @@ export function fontsPlugin({ settings, sync, logger }: Options): Plugin {
 		consumableMap = res.consumableMap;
 
 		// Handle CSP
-		if (shouldTrackCspHashes(settings.config.experimental.csp)) {
-			const algorithm = getAlgorithm(settings.config.experimental.csp);
+		if (shouldTrackCspHashes(settings.config.security.csp)) {
+			const algorithm = getAlgorithm(settings.config.security.csp);
 
 			// Generate a hash for each style we generate
 			for (const { css } of internalConsumableMap.values()) {
 
@@ -22,6 +22,7 @@ import { emitImageMetadata, hashTransform, propsToFilename } from './utils/node.
 import { getProxyCode } from './utils/proxy.js';
 import { makeSvgComponent } from './utils/svg.js';
 import { createPlaceholderURL, stringifyPlaceholderURL } from './utils/url.js';
+import { isAstroServerEnvironment } from '../environments.js';
 
 const resolvedVirtualModuleId = '\0' + VIRTUAL_MODULE_ID;
 
@@ -126,9 +127,9 @@ export default function assets({ fs, settings, sync, logger }: Options): vite.Pl
 			config(_, env) {
 				isBuild = env.command === 'build';
 			},
-			async resolveId(id, _importer, options) {
+			async resolveId(id, _importer) {
 				if (id === VIRTUAL_SERVICE_ID) {
-					if (options?.ssr) {
+					if (isAstroServerEnvironment(this.environment)) {
 						return await this.resolve(settings.config.image.service.entrypoint);
 					}
 					return await this.resolve('astro/assets/services/noop');
@@ -230,7 +231,7 @@ export default function assets({ fs, settings, sync, logger }: Options): vite.Pl
 			configResolved(viteConfig) {
 				resolvedConfig = viteConfig;
 			},
-			async load(id, options) {
+			async load(id) {
 				if (assetRegex.test(id)) {
 					if (!globalThis.astroAsset.referencedImages)
 						globalThis.astroAsset.referencedImages = new Set();
@@ -260,7 +261,7 @@ export default function assets({ fs, settings, sync, logger }: Options): vite.Pl
 					// We can only reliably determine if an image is used on the server, as we need to track its usage throughout the entire build.
 					// Since you cannot use image optimization on the client anyway, it's safe to assume that if the user imported
 					// an image on the client, it should be present in the final build.
-					if (options?.ssr) {
+					if (isAstroServerEnvironment(this.environment)) {
 						if (id.endsWith('.svg')) {
 							const contents = await fs.promises.readFile(imageMetadata.fsPath, {
 								encoding: 'utf8',
 
@@ -20,6 +20,7 @@ import {
 import { hasContentFlag } from './utils.js';
 import { joinPaths, prependForwardSlash, slash } from '@astrojs/internal-helpers/path';
 import { ASTRO_VITE_ENVIRONMENT_NAMES } from '../core/constants.js';
+import { isAstroServerEnvironment } from '../environments.js';
 
 export function astroContentAssetPropagationPlugin({
 	settings,
@@ -74,14 +75,14 @@ export function astroContentAssetPropagationPlugin({
 				server.environments[ASTRO_VITE_ENVIRONMENT_NAMES.ssr] as RunnableDevEnvironment,
 			);
 		},
-		async transform(_, id, options) {
+		async transform(_, id) {
 			if (hasContentFlag(id, PROPAGATED_ASSET_FLAG)) {
 				const basePath = id.split('?')[0];
 				let stringifiedLinks: string, stringifiedStyles: string;
 
 				// We can access the server in dev,
 				// so resolve collected styles and scripts here.
-				if (options?.ssr && devModuleLoader) {
+				if (isAstroServerEnvironment(this.environment) && devModuleLoader) {
 					if (!devModuleLoader.getModuleById(basePath)?.ssrModule) {
 						await devModuleLoader.import(basePath);
 					}
 
@@ -23,6 +23,7 @@ import {
 } from './consts.js';
 import { getDataStoreFile } from './content-layer.js';
 import { getContentPaths, isDeferredModule } from './utils.js';
+import { isAstroClientEnvironment } from '../environments.js';
 
 interface AstroContentVirtualModPluginParams {
 	settings: AstroSettings;
@@ -113,7 +114,7 @@ export function astroContentVirtualModPlugin({
 		},
 		async load(id) {
 			if (id === RESOLVED_VIRTUAL_MODULE_ID) {
-				const isClient = this.environment.name === ASTRO_VITE_ENVIRONMENT_NAMES.client;
+				const isClient = isAstroClientEnvironment(this.environment);
 				const code = await generateContentEntryFile({
 					settings,
 					fs,
 
@@ -612,7 +612,7 @@ async function generatePath(
 
 	if (
 		settings.adapter?.adapterFeatures?.experimentalStaticHeaders &&
-		settings.config.experimental?.csp
+		settings.config.security?.csp
 	) {
 		routeToHeaders.set(pathname, { headers: responseHeaders, route: integrationRoute });
 	}
 
@@ -301,14 +301,14 @@ async function buildManifest(
 
 	let csp: SSRManifestCSP | undefined = undefined;
 
-	if (shouldTrackCspHashes(settings.config.experimental.csp)) {
-		const algorithm = getAlgorithm(settings.config.experimental.csp);
+	if (shouldTrackCspHashes(settings.config.security.csp)) {
+		const algorithm = getAlgorithm(settings.config.security.csp);
 		const scriptHashes = [
-			...getScriptHashes(settings.config.experimental.csp),
+			...getScriptHashes(settings.config.security.csp),
 			...(await trackScriptHashes(internals, settings, algorithm)),
 		];
 		const styleHashes = [
-			...getStyleHashes(settings.config.experimental.csp),
+			...getStyleHashes(settings.config.security.csp),
 			...settings.injectedCsp.styleHashes,
 			...(await trackStyleHashes(internals, settings, algorithm)),
 		];
@@ -318,12 +318,12 @@ async function buildManifest(
 				? 'adapter'
 				: undefined,
 			scriptHashes,
-			scriptResources: getScriptResources(settings.config.experimental.csp),
+			scriptResources: getScriptResources(settings.config.security.csp),
 			styleHashes,
-			styleResources: getStyleResources(settings.config.experimental.csp),
+			styleResources: getStyleResources(settings.config.security.csp),
 			algorithm,
 			directives: getDirectives(settings),
-			isStrictDynamic: getStrictDynamic(settings.config.experimental.csp),
+			isStrictDynamic: getStrictDynamic(settings.config.security.csp),
 		};
 	}
 
 
@@ -89,6 +89,7 @@ export const ASTRO_CONFIG_DEFAULTS = {
 	security: {
 		checkOrigin: true,
 		allowedDomains: [],
+		csp: false,
 	},
 	env: {
 		schema: {},
@@ -99,7 +100,6 @@ export const ASTRO_CONFIG_DEFAULTS = {
 	experimental: {
 		clientPrerender: false,
 		contentIntellisense: false,
-		csp: false,
 		chromeDevtoolsWorkspace: false,
 		svgo: false,
 	},
@@ -433,6 +433,29 @@ export const AstroConfigSchema = z.object({
 				)
 				.optional()
 				.default(ASTRO_CONFIG_DEFAULTS.security.allowedDomains),
+			csp: z
+				.union([
+					z.boolean().optional().default(ASTRO_CONFIG_DEFAULTS.security.csp),
+					z.object({
+						algorithm: cspAlgorithmSchema,
+						directives: z.array(allowedDirectivesSchema).optional(),
+						styleDirective: z
+							.object({
+								resources: z.array(z.string()).optional(),
+								hashes: z.array(cspHashSchema).optional(),
+							})
+							.optional(),
+						scriptDirective: z
+							.object({
+								resources: z.array(z.string()).optional(),
+								hashes: z.array(cspHashSchema).optional(),
+								strictDynamic: z.boolean().optional(),
+							})
+							.optional(),
+					}),
+				])
+				.optional()
+				.default(ASTRO_CONFIG_DEFAULTS.security.csp),
 		})
 		.optional()
 		.default(ASTRO_CONFIG_DEFAULTS.security),
@@ -483,29 +506,6 @@ export const AstroConfigSchema = z.object({
 				.optional()
 				.default(ASTRO_CONFIG_DEFAULTS.experimental.contentIntellisense),
 			fonts: z.array(z.union([localFontFamilySchema, remoteFontFamilySchema])).optional(),
-			csp: z
-				.union([
-					z.boolean().optional().default(ASTRO_CONFIG_DEFAULTS.experimental.csp),
-					z.object({
-						algorithm: cspAlgorithmSchema,
-						directives: z.array(allowedDirectivesSchema).optional(),
-						styleDirective: z
-							.object({
-								resources: z.array(z.string()).optional(),
-								hashes: z.array(cspHashSchema).optional(),
-							})
-							.optional(),
-						scriptDirective: z
-							.object({
-								resources: z.array(z.string()).optional(),
-								hashes: z.array(cspHashSchema).optional(),
-								strictDynamic: z.boolean().optional(),
-							})
-							.optional(),
-					}),
-				])
-				.optional()
-				.default(ASTRO_CONFIG_DEFAULTS.experimental.csp),
 			chromeDevtoolsWorkspace: z
 				.boolean()
 				.optional()
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ export default defineConfig({`
`10`	`10`	`adapter: nodejs({ mode: 'standalone' }),`
`11`	`11`	`integrations: [react(), mdx()],`
`12`	`12`	`trailingSlash: process.env.TRAILING_SLASH ?? 'always',`
`13`		`- experimental: {`
	`13`	`+ security: {`
`14`	`14`	`csp: true`
`15`	`15`	`}`
`16`	`16`	`});`
Original file line number	Diff line number	Diff line change
`@@ -612,7 +612,7 @@ async function generatePath(`
`612`	`612`
`613`	`613`	`if (`
`614`	`614`	`settings.adapter?.adapterFeatures?.experimentalStaticHeaders &&`
`615`		`- settings.config.experimental?.csp`
	`615`	`+ settings.config.security?.csp`
`616`	`616`	`) {`
`617`	`617`	`routeToHeaders.set(pathname, { headers: responseHeaders, route: integrationRoute });`
`618`	`618`	`}`