mirror of https://github.com/terribleplan/next.js.git synced 2024-01-19 02:48:18 +00:00
next.js/examples/with-strict-csp/README.md
2018-08-06 20:19:16 -07:00


Strict CSP example

How to use

Using create-next-app

Execute create-next-app with Yarn or npx to bootstrap the example:

npx create-next-app --example with-strict-csp with-strict-csp-app
# or
yarn create next-app --example with-strict-csp with-strict-csp-app

Download manually

Download the example:

curl https://codeload.github.com/zeit/next.js/tar.gz/canary | tar -xz --strip=2 next.js-canary/examples/with-strict-csp
cd with-strict-csp

Install it and run:

npm install
npm run dev
# or
yarn
yarn dev

Deploy it to the cloud with now (download):

now

The idea behind the example

If you want to implement a Content Security Policy (CSP), the most effective way is to follow the strict CSP approach. For it to work, the server needs to generate a new nonce on every request.

This example uses Helmet to configure the CSP and add the appropriate headers to all server responses. The nonce is generated with uuid. Then we can pass the nonce to <Head> and <NextScript> in the custom <Document>.
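
The flow described above, as an added sketch that is not the example's own code: it swaps Helmet and uuid for Node's built-in crypto module so it runs without dependencies, and adds a check that every script tag carries the nonce from the header. The policy string follows the commonly published strict CSP template; the function names and the /_next/*.js paths used with it are assumptions.

```javascript
const { randomBytes } = require('node:crypto');

// 128 random bits per response; a nonce must never be reused or guessable.
function generateNonce() {
  return randomBytes(16).toString('base64');
}

// Assumed policy template; nonce-aware browsers ignore the two fallbacks.
function buildStrictCsp(nonce) {
  return [
    `script-src 'nonce-${nonce}' 'strict-dynamic' 'unsafe-inline' https:`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Connect/Express-style middleware: new nonce and header on every request.
function strictCspMiddleware(req, res, next) {
  res.locals = res.locals || {};
  res.locals.nonce = generateNonce();
  res.setHeader('Content-Security-Policy', buildStrictCsp(res.locals.nonce));
  next();
}

// Stand-in for the custom <Document>: every emitted script gets the nonce.
function renderDocument(nonce, scriptUrls) {
  const tags = scriptUrls
    .map((src) => `<script nonce="${nonce}" src="${src}"></script>`)
    .join('');
  return `<!doctype html><html><head></head><body><div id="__next"></div>${tags}</body></html>`;
}

// Check for tests/CI: list script tags whose nonce does not match the header.
function scriptsMissingNonce(html, cspHeader) {
  const expected = (/'nonce-([^']+)'/.exec(cspHeader) || [])[1];
  const tags = html.match(/<script\b[^>]*>/gi) || [];
  return tags.filter((tag) => {
    const attr = /\bnonce="([^"]*)"/.exec(tag);
    return !expected || !attr || attr[1] !== expected;
  });
}

// Constructed request/response pair so the flow runs without a server.
function simulateRequest(scriptUrls) {
  const headers = {};
  const res = { setHeader: (name, value) => { headers[name] = value; } };
  strictCspMiddleware({}, res, () => {});
  return { csp: headers['Content-Security-Policy'], html: renderDocument(res.locals.nonce, scriptUrls) };
}
```

A script tag rendered without the nonce, or with a nonce left over from another response, is reported by scriptsMissingNonce; under this policy the browser would refuse to run it.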