2018-08-14 18:05:25 +00:00
|
|
|
import crypto from 'crypto'
|
|
|
|
|
import Document, { Head, Main, NextScript } from 'next/document'
|
|
|
|
|
|
2018-12-17 16:34:32 +00:00
|
|
|
const cspHashOf = text => {
|
2018-08-14 18:05:25 +00:00
|
|
|
const hash = crypto.createHash('sha256')
|
|
|
|
|
hash.update(text)
|
|
|
|
|
return `'sha256-${hash.digest('base64')}'`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export default class extends Document {
|
|
|
|
|
render () {
|
2018-12-17 16:34:32 +00:00
|
|
|
const csp = `default-src 'self'; script-src 'self' ${cspHashOf(
|
|
|
|
|
NextScript.getInlineScriptSource(this.props)
|
|
|
|
|
)}`
|
2018-08-14 18:05:25 +00:00
|
|
|
|
|
|
|
|
return (
|
|
|
|
|
<html>
|
|
|
|
|
<Head>
|
|
|
|
|
<meta httpEquiv='Content-Security-Policy' content={csp} />
|
|
|
|
|
</Head>
|
|
|
|
|
<body>
|
|
|
|
|
<Main />
|
|
|
|
|
<NextScript />
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
}
|
