mirror of
https://github.com/terribleplan/next.js.git
synced 2024-01-19 02:48:18 +00:00
.. | ||
pages | ||
csp.js | ||
package.json | ||
README.md | ||
server.js |
Strict CSP example
How to use
Using create-next-app
Execute create-next-app
with Yarn or npx to bootstrap the example:
npx create-next-app --example with-strict-csp with-strict-csp-app
# or
yarn create next-app --example with-strict-csp with-strict-csp-app
Download manually
Download the example:
curl https://codeload.github.com/zeit/next.js/tar.gz/canary | tar -xz --strip=2 next.js-canary/examples/with-strict-csp
cd with-strict-csp
Install it and run:
npm install
npm run dev
# or
yarn
yarn dev
Deploy it to the cloud with now (download)
now
The idea behind the example
If you want to implement a CSP, the most effective way is to follow the strict CSP approach. For it to work, we need to generate a nonce on every request.
This example uses Helmet to configure the CSP and add the appropriate headers to all server responses. The nonce is generated with uuid. Then we can pass the nonce to <Head>
and <NextScript>
in the custom <Document>
.