Describe the problem

Even though require-trusted-types-for seems to be present in the list of CSP directives in the configuration, setting it (to script, which is its only value) will actually cause SvelteKit to fail to function properly:

Describe the proposed solution

I don't know much about this directive but it seems like what is assigned to innerHTML properties and whatnot, must be a special "trusted" type — see this article.

SvelteKit (or probably Svelte, more specifically) does do a lot of these things (e.g. changing innerHTML properties and so on), so SvelteKit should probably account for this when this directive is enabled.

Alternatives considered

No response

Importance

nice to have

Additional Information

No response