Web framework Astro 5.9 arms itself against XSS attacks



The JavaScript web framework Astro focuses on security in version 5.9 and allows experimental use of Content Security Policy (CSP). In addition, the Astro team has added a helper function for rendering Markdown content.

The new release can be installed with the automated CLI tool @astrojs/upgrade or manually via a package manager. The recommended method is npx (npx @astrojs/upgrade).

As the Astro team states, cross-site scripting (XSS) is one of the most common attacks on websites. By default, a website can load arbitrary scripts and styles from any source. The best defense against XSS is therefore to restrict this. This is where Content Security Policy comes into play: it limits what may be loaded to a list of trusted sources.

Astro 5.9 brings experimental CSP support out of the box. CSP can be used in all render modes (static pages, dynamic pages and single-page applications), offering high flexibility and type safety. Workarounds such as unsafe-inline should thus become unnecessary.

To use CSP in Astro, it is necessary to activate the experimental flag:


import { defineConfig } from "astro/config"

export default defineConfig({
    experimental: {
        csp: true
    }
})


Developers who already use the Content-Security-Policy header, for example, can continue to do so. The browser then applies the stricter policy of the header and the <meta> element. The latter can also be configured, for example to replace the default algorithm or to add additional directives.
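The following added example (not from the article or the Astro project) models why a hash-based policy makes unsafe-inline unnecessary and how a header policy and a <meta> policy combine. It assumes the policy lists hashes of the page's own inline scripts; all function names and sample values are hypothetical.

```javascript
// Added example: a simplified model of hash-based CSP checks, not Astro's code.
// Nonces, 'strict-dynamic' and external script URLs are not modelled.
const { createHash } = require("node:crypto");

const ALGORITHMS = { "SHA-256": "sha256", "SHA-384": "sha384", "SHA-512": "sha512" };

// CSP hash source for one inline script body: '<alg>-<base64 digest>'.
function hashSource(code, algorithm = "SHA-256") {
  const alg = ALGORITHMS[algorithm];
  return `'${alg}-${createHash(alg).update(code, "utf8").digest("base64")}'`;
}

// Policy that allows only the listed inline scripts (hypothetical helper).
function buildPolicy(inlineScripts, { algorithm = "SHA-256", directives = [] } = {}) {
  const hashes = inlineScripts.map((code) => hashSource(code, algorithm));
  return [...directives, `script-src 'self' ${hashes.join(" ")}`].join("; ");
}

// Source list governing scripts: script-src, else default-src, else null.
function scriptSources(policy) {
  const seen = new Map();
  for (const part of policy.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !seen.has(key)) seen.set(key, values); // first occurrence wins
  }
  return seen.get("script-src") ?? seen.get("default-src") ?? null;
}

// Would this single policy let the inline script run?
function policyAllowsInline(policy, code) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // policy does not restrict scripts
  const hashes = sources.filter((s) => /^'sha(256|384|512)-/.test(s));
  // With a hash present, browsers ignore 'unsafe-inline' and require a match.
  if (hashes.length === 0) return sources.includes("'unsafe-inline'");
  return hashes.some((h) => h === hashSource(code, "SHA-" + h.slice(4, 7)));
}

// Header and <meta> policies are all enforced: each one must allow the script.
function inlineScriptRuns(policies, code) {
  return policies.every((policy) => policyAllowsInline(policy, code));
}

// Constructed sample inputs.
const pageScript = "document.documentElement.dataset.theme = 'dark';";
const injected = "alert('injected')";
const metaPolicy = buildPolicy([pageScript], { directives: ["default-src 'self'"] });
console.log(inlineScriptRuns([metaPolicy], pageScript), inlineScriptRuns([metaPolicy], injected));
```

Because every policy must pass, an existing header such as script-src 'self' that does not carry the hashes also blocks the page's own inline scripts.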




Until now, developers in Astro had to handle Markdown parsing themselves in order to render Markdown content in a content loader. According to the Astro team, this could cause confusion, because it did not match how Markdown is rendered in other parts of the site and used a different configuration.

Astro 5.9 therefore adds a new helper function to the loader context: renderMarkdown. It allows Markdown content to be rendered directly within the loader. It uses the same settings and plugins as the renderer used for Markdown files in Astro, including the Markdown settings configured in the Astro project.

Other updates concern the default styles for experimental responsive images, and Astro adapters can now suppress logging for unsupported features.

The Astro blog provides detailed information about the highlights in Astro 5.9.


(May)
